ALSA-2024:6194

[ALSA-2024:6194] Important: podman security update

Type:

security

Severity:

important

Release date:

2024-09-04

Description:

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)
* gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	podman-remote-4.9.4-10.el9_4.aarch64.rpm	3191d6df39e6bc5d987bf53f7e4388a03e74c6959ab3576064fb03d6c84f21b2
aarch64	podman-plugins-4.9.4-10.el9_4.aarch64.rpm	a8f34bac8eaf149a70fd89e303d2c9da8fa03ef88adbb319e1401b3f75a773f6
aarch64	podman-tests-4.9.4-10.el9_4.aarch64.rpm	e67063d46592bc3cf3e29af3cbf8a9dbcdf6e902f955ce7645c87409a9c315e5
aarch64	podman-4.9.4-10.el9_4.aarch64.rpm	fbaf256b8541be47a1a5316d5ee78533f11558c88e707ec9cdf3d4e6b4821195
noarch	podman-docker-4.9.4-10.el9_4.noarch.rpm	9211804ac5d3c7cc1f7490d67ca70d07a72c9b68c3bc0830397903b832991129
ppc64le	podman-4.9.4-10.el9_4.ppc64le.rpm	2190744c406ca17471647c7a29b0d734f5b2f3e39f502daafea1ea647141ba14
ppc64le	podman-remote-4.9.4-10.el9_4.ppc64le.rpm	2cfc25f2ab2b7195bb7c46366874599406cc14727f2c2a0d54344dadb04e970a
ppc64le	podman-plugins-4.9.4-10.el9_4.ppc64le.rpm	d325adaf3e144712854d27c529b374983bbc5a3a5c998e39637a4f28b6ce6f68
ppc64le	podman-tests-4.9.4-10.el9_4.ppc64le.rpm	fa38c162a9e55fd76c6d7d5d552b784e6f84fc552492e7fc2057d2652136c273
s390x	podman-remote-4.9.4-10.el9_4.s390x.rpm	8ae4d1e9faf7f2144b44123b66f084a8bbfdd0adee14f95774d9efe3726cec45
s390x	podman-tests-4.9.4-10.el9_4.s390x.rpm	f3b4645129d4f522c082fa800e3fe3bf3d817d2ca3a45da57eb7af00f8c7749e
s390x	podman-4.9.4-10.el9_4.s390x.rpm	f5cd26e686b73ec23ecf9567f25920c2e9d5a7f74766b9fdfd489a2260f4d16c
s390x	podman-plugins-4.9.4-10.el9_4.s390x.rpm	ffb0475f78cceb0ea7ee38a38f8b32b769bde7896a09341cae68aa326623d4e3
x86_64	podman-4.9.4-10.el9_4.x86_64.rpm	0065efd816f914e7a04810d746cac815a820202a51c0b21f53b2255096a25fe5
x86_64	podman-tests-4.9.4-10.el9_4.x86_64.rpm	2f25f4cc051c8c851bfb4f4d4ea282df49c6aa932636717ea3d421aafeb9082f
x86_64	podman-remote-4.9.4-10.el9_4.x86_64.rpm	3b3b526b3a8053d41cfc2f97db79042ae673560f012f0006a46ef0cea60de259
x86_64	podman-plugins-4.9.4-10.el9_4.x86_64.rpm	eebed07819d4006101831f29b18b1ca602869adc08c2b6a81987abe78bac1be7

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.