Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 34: 2022-df00ab8dfb Critical: Podman DoS Security Fix

fedora
Calendar Grey April 24, 2021
Dist Fedora Esm H88
Fedora introduces Podman update resolving a Denial of Service vulnerability linked to CVE-2021-20291 alongside improvements for enhanced container governance.
- crun and runc both `Provides: oci-runtime`

Summary

podman (Pod Manager) is a fully featured container engine that is a simple

daemonless tool. podman provides a Docker-CLI comparable command line that

eases the transition from other container engines and allows the management of

pods, containers and images. Simply put: alias docker=podman.

Most podman commands can be run as a regular user, without requiring

additional privileges.

podman uses Buildah(1) internally to create container images.

Both tools share image (not container) storage, hence each can use or

manipulate images (but not containers) created by the other.

Manage Pods, Containers and Container Images

podman Simple management tool for pods, containers and images

- crun and runc both `Provides: oci-runtime`. - containers-common now has

`Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by

default unless runc is already installed. ---- buildah: Security fix for

CVE-2021-20291 Autobuilt v1.20.1

* Thu Apr 22 2021 Lokesh Mandvekar - 2:3.1.2-1

- bump to v3.1.2

* Mon Apr 19 2021 Lokesh Mandvekar - 2:3.1.1-2

- update dependencies

* Mon Apr 19 2021 RH Container Bot - 2:3.1.1-1

- autobuilt v3.1.1

[ 1 ] Bug #1939485 - CVE-2021-20291 containers/storage: DoS via malicious image

https://bugzilla.redhat.com/show_bug.cgi?id=1939485

su -c 'dnf upgrade --advisory FEDORA-2021-ec00da7faa' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory fedora update Fedora DoS security fix dos podman container management

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 3.1.2
Release: 1.fc33
URL: https://podman.io/
Summary: Manage Pods, Containers and Container Images

Topics%20covered

Topics Covered

security advisory fedora update Fedora DoS security fix dos podman container management

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here