[ALSA-2024:9454] Important: podman security update
Type: security
Severity: important
Release date: 2024-11-18
Description:
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.

Security Fix(es):

* go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
* go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)
* Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341)
* Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)
* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)
* Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 podman-tests-5.2.2-9.el9_5.aarch64.rpm 28b2f96e4e495dbde98dfc1c3da23c1ff1becf9d227b33163b81726c71ab52e5
aarch64 podman-plugins-5.2.2-9.el9_5.aarch64.rpm 5a885f8a2c7d5599176aa644f5ef6104aa9963cece97427988cc288a7cda0e7f
aarch64 podman-remote-5.2.2-9.el9_5.aarch64.rpm 8908efc965d4dd534c38382508cbc8a8a05d414c6187a6366ed9b637c6abdc07
aarch64 podman-5.2.2-9.el9_5.aarch64.rpm d3a5a7af92bf15f19d1d5e453eee183db6ffacf446501719fc683501ed745da5
noarch podman-docker-5.2.2-9.el9_5.noarch.rpm 3cf500c963e97a37b41255a5f3b5242353a74dfcfb4df4438197b74a571d7958
ppc64le podman-plugins-5.2.2-9.el9_5.ppc64le.rpm 1047ca18479cb69c90142109b79f4636ac689b08af9884c61e6228631ec30d0a
ppc64le podman-remote-5.2.2-9.el9_5.ppc64le.rpm 31ef2fc00be3200fd9e8d5ad7c498a26d50d0ef9853aa5e46fc79d0c091057e8
ppc64le podman-tests-5.2.2-9.el9_5.ppc64le.rpm 8af5d16f5d12e8af109539e561af5c65e23cefa2d9c9c807190a120fa78cb3bb
ppc64le podman-5.2.2-9.el9_5.ppc64le.rpm a0670732adc0b54680254ff66722baf1a1a5461ef66d704bdc987a55076830cc
s390x podman-tests-5.2.2-9.el9_5.s390x.rpm 0fb578e9c9d3e35aba90b7f23d9e146fceb5f6980ec5416dff450a7d9236b3c6
s390x podman-5.2.2-9.el9_5.s390x.rpm 9f37cd5b6aa6a3f85b8c2876567f8ed318d5b361ba4fb5c7af98e219e7d7c700
s390x podman-remote-5.2.2-9.el9_5.s390x.rpm c97824504691b3879dc9230135392f25dbbea934726c5b06be936851462134bf
s390x podman-plugins-5.2.2-9.el9_5.s390x.rpm e23986b1676ff487c118554b1165cf765c0f5ab2f76cb5b94340da0dede50b7c
x86_64 podman-remote-5.2.2-9.el9_5.x86_64.rpm 03f65649135c6f711907cbddc4934c98a21ec3c56511949f505410d4151a31ed
x86_64 podman-plugins-5.2.2-9.el9_5.x86_64.rpm 25c43237e7946973c2a9747a932d0061eb51245bb2d3d40b255fc5fc74e7b551
x86_64 podman-tests-5.2.2-9.el9_5.x86_64.rpm cb578e1d4dd6455531e9d0d2d0bb8a6577cc8f74d47a6862a30f70cac76924f3
x86_64 podman-5.2.2-9.el9_5.x86_64.rpm e1239794a7f3c56d6787d80a2ca3ceae3d89f16362022fc11e3b8eaa64c445d2
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.