[ALSA-2024:2548] Moderate: podman security and bug fix update
Type:
security
Severity:
moderate
Release date:
2024-05-07
Description:
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: * podman: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786) * podman: buildah: full container escape at build time (CVE-2024-1753) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes: * liveness probe not called by podman when using httpGet (JIRA:AlmaLinux-28633) * Unable to copy image from one virtual machine to another using "podman image scp" (JIRA:AlmaLinux-28629) * [v4.9] Backport two docker CLI compatibility fixes (JIRA:AlmaLinux-28636) * Issue in podman causing S2I to fail in overwriting ENTRYPOINT (JIRA:AlmaLinux-14922) * Need to backport podman fix for SIGSEGV in AlmaLinux 9.3/8.9 for UBI based containers (JIRA:AlmaLinux-26843)
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 podman-4.9.4-3.el9_4.aarch64.rpm 17c84360ae5a25c309b1b5350a33ee76e569ec6e6c5d8b0401d4091aa7fb1efa
aarch64 podman-remote-4.9.4-3.el9_4.aarch64.rpm 2ab638000ec9566e5efd5d98c820b1c6635623ad4ed0606e07713dd536e55ed0
aarch64 podman-tests-4.9.4-3.el9_4.aarch64.rpm 9c5e03d5d3ffe042a105d1e1764b122ca7d70050236ef340786bb1c1b66c2425
aarch64 podman-plugins-4.9.4-3.el9_4.aarch64.rpm e314a85a6390fd26608d70bbf78568c116e417105559b7ceb95ee346104b6557
noarch podman-docker-4.9.4-3.el9_4.noarch.rpm edc23a43c6ee0d766ffe41a44709a24a1f5464266842fb1c10b47288866212f0
ppc64le podman-plugins-4.9.4-3.el9_4.ppc64le.rpm 786d3210bbee663380356369a934fe4cb1572494bb8b74f15186aa79063c1cca
ppc64le podman-tests-4.9.4-3.el9_4.ppc64le.rpm 8195cc0bd74104d34df6779a96c98f870aa45b7db795044ac62a0d901ea6525b
ppc64le podman-remote-4.9.4-3.el9_4.ppc64le.rpm 9da0f050772722ff6b610e910fac324246d7e822d50946f847d525a314baeb05
ppc64le podman-4.9.4-3.el9_4.ppc64le.rpm f41e697ace0477f892710ef7fd32498f72d5b23cb8aae67abf14e1bd46c1a68f
s390x podman-4.9.4-3.el9_4.s390x.rpm 48402bd0fb0a16967674d3601f4db871d016e4fa7b4d425897d75f9bb3929f6c
s390x podman-plugins-4.9.4-3.el9_4.s390x.rpm 7dff49b06f1aea0f079b9de987cb23e326e0b44c7f682e9c2e0841fd9c8da06f
s390x podman-remote-4.9.4-3.el9_4.s390x.rpm 9677aef4f072fafcbd132e3b2a4ec028a5b53c7c5a0672397f5528afdcd70157
s390x podman-tests-4.9.4-3.el9_4.s390x.rpm a5000827c76c68c65dd24018b7032e1093ae7493c95c061a358da45df9e39eb5
x86_64 podman-4.9.4-3.el9_4.x86_64.rpm 3bb64b40fd9c828df1390a1ff5c5d7078b94354c86099c01f8aba90bf643210a
x86_64 podman-plugins-4.9.4-3.el9_4.x86_64.rpm 50a897f230e9576f58b415a09134ad55d8e985f0d248db305086df2920fd4940
x86_64 podman-tests-4.9.4-3.el9_4.x86_64.rpm 6b018fb6fd923c47e11b133af2cbf5e8490a7f7cdd18a830ae2f01565aaea2f9
x86_64 podman-remote-4.9.4-3.el9_4.x86_64.rpm ffae08bde33407381c1f879c24c3a33717f0a22a0a54ca99ea4fb96818aa9a94
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.