SUSE: 2020:3378-1 Moderate: podman Security Update for CVE-2020-14370
suse
November 19, 2020
An update that solves one vulnerability and has two fixes is now available
Summary
This update for podman fixes the following issues: Security issue fixed: - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API (bsc#1176804). Non-security issues fixed: - add dependency to timezone package or podman fails to build a container (bsc#1178122) - Install new auto-update system units - Update to v2.1.1 (bsc#1178392): * Changes - The `podman info` command now includes the cgroup manager Podman is using. * API - The REST API now includes a Server header in all responses. - Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container. - Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter.
References
#1176804 #1178122 #1178392
Cross- CVE-2020-14370
Affected Products:
SUSE Linux Enterprise Module for Containers 15-SP2
SUSE Linux Enterprise Module for Containers 15-SP1
SUSE Enterprise Storage 7
https://www.suse.com/security/cve/CVE-2020-14370.html
https://bugzilla.suse.com/1176804
https://bugzilla.suse.com/1178122
https://bugzilla.suse.com/1178392
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!