RedHat: RHSA-2020-1227:01 Moderate: podman security, bug fix,

    Date: 31 Mar 2020
    Posted By: LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: podman security, bug fix, and enhancement update
    Advisory ID:       RHSA-2020:1227-01
    Product:           Red Hat Enterprise Linux Extras
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1227
    Issue date:        2020-03-31
    CVE Names:         CVE-2019-18466 CVE-2020-1702 
    =====================================================================
    
    1. Summary:
    
    An update for podman is now available for Red Hat Enterprise Linux 7
    Extras.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux 7 Extras - noarch, ppc64le, s390x, x86_64
    
    3. Description:
    
    The podman tool manages pods, container images, and containers. It is part
    of the libpod library, which is for applications that use container pods.
    Container pods is a concept in Kubernetes.
    
    Security Fix(es):
    
    * podman: resolving symlink in host filesystem leads to unexpected results
    of copy operation (CVE-2019-18466)
    
    * containers/image: Container images read entire image manifest into memory
    (CVE-2020-1702)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * [extras-rhel-7] conmon binary stripped but debuginfo not generated
    (BZ#1650395)
    
    * Cannot run systemd-container with SCL service due to RHSA-2019:2091 fix
    (BZ#1758509)
    
    * Podman does not enforce registries.block in the registries.conf file
    (BZ#1787666)
    
    * podman and podman-manpages needs merging (BZ#1788549)
    
    * podman should be linked against gpgme-pthread (BZ#1793083)
    
    * podman cannot support load tarball which the name with colon but docker
    can support this (BZ#1797599)
    
    * podman (1.6.4) rhel 8.1 no route to host from inside container
    [extras-rhel-7.8/podman] (BZ#1806895)
    
    * Podman can't reuse a container name, even if the container that was using
    it is no longer around [extras-rhel-7.8/podman] (BZ#1807437)
    
    * podman exec does not reads from stdin [extras-rhel-7.8/podman]
    (BZ#1807586)
    
    * [FJ8.2 Bug]: [REG]The "--group-add" option of "podman create" doesn't
    function. [extras-rhel-7.8/podman] (BZ#1808702)
    
    Enhancement(s):
    
    * [RFE] sctp support for podman (BZ#1664218)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1650395 - [extras-rhel-7] conmon binary stripped but debuginfo not generated
    1744588 - CVE-2019-18466 podman: resolving symlink in host filesystem leads to unexpected results of copy operation
    1758509 - Cannot run systemd-container with SCL service due to RHSA-2019:2091 fix
    1788549 - podman and podman-manpages needs merging
    1792796 - CVE-2020-1702 containers/image: Container images read entire image manifest into memory
    1797599 - podman cannot support load tarball which the name with colon but docker can support this
    1806895 - podman (1.6.4) rhel 8.1 no route to host from inside container [extras-rhel-7.8/podman]
    1807437 - Podman can't reuse a container name, even if the container that was using it is no longer around [extras-rhel-7.8/podman]
    1807586 - podman exec does not reads from stdin [extras-rhel-7.8/podman]
    1808702 - [FJ8.2 Bug]: [REG]The "--group-add" option of "podman create" doesn't function. [extras-rhel-7.8/podman]
    
    6. Package List:
    
    Red Hat Enterprise Linux 7 Extras:
    
    Source:
    podman-1.6.4-16.el7_8.src.rpm
    
    noarch:
    podman-docker-1.6.4-16.el7_8.noarch.rpm
    
    ppc64le:
    podman-1.6.4-16.el7_8.ppc64le.rpm
    podman-debuginfo-1.6.4-16.el7_8.ppc64le.rpm
    
    s390x:
    podman-1.6.4-16.el7_8.s390x.rpm
    podman-debuginfo-1.6.4-16.el7_8.s390x.rpm
    
    x86_64:
    podman-1.6.4-16.el7_8.x86_64.rpm
    podman-debuginfo-1.6.4-16.el7_8.x86_64.rpm
    
    Red Hat Enterprise Linux 7 Extras:
    
    Source:
    podman-1.6.4-16.el7_8.src.rpm
    
    noarch:
    podman-docker-1.6.4-16.el7_8.noarch.rpm
    
    x86_64:
    podman-1.6.4-16.el7_8.x86_64.rpm
    podman-debuginfo-1.6.4-16.el7_8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-18466
    https://access.redhat.com/security/cve/CVE-2020-1702
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
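
The advisory describes CVE-2020-1702 as container images reading the entire image manifest into memory. The Go example below is added here and is not code from podman or containers/image; it contrasts an unbounded read with a size-capped read that fails closed. The function names, the 4 MiB limit and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// maxManifestBytes is an assumed cap for this example (4 MiB), not a value from the advisory.
const maxManifestBytes = 4 << 20

var errManifestTooLarge = errors.New("manifest exceeds size limit")

// readManifestUnbounded shows the risky pattern: the remote side decides
// how much memory the client allocates.
func readManifestUnbounded(r io.Reader) ([]byte, error) {
	return io.ReadAll(r)
}

// readManifestBounded reads at most limit bytes and returns an error if the
// body is larger, instead of silently truncating it.
func readManifestBounded(r io.Reader, limit int64) ([]byte, error) {
	// Read one byte past the limit so an oversized body can be detected.
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return nil, errManifestTooLarge
	}
	return buf, nil
}

func main() {
	// Constructed sample manifest body, well under the cap.
	small := strings.NewReader(`{"schemaVersion":2}`)
	b, err := readManifestBounded(small, maxManifestBytes)
	fmt.Println(len(b), err)

	// Constructed oversized body: 1 KiB checked against a 512-byte limit.
	big := strings.NewReader(strings.Repeat("A", 1024))
	_, err = readManifestBounded(big, 512)
	fmt.Println(err)
}
```

Memory use in the bounded version stays at most the limit plus one byte regardless of what the registry sends, and a manifest that is truncated at the cap is never handed to the parser.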
    
