SUSE: 2022:23018-1 Moderate: Podman Security Issues Resolved

March 4, 2022
The recent patch resolves multiple vulnerabilities in Podman and its associated libraries within SUSE environments, reinforcing overall system security.
An update that solves 7 vulnerabilities, contains one feature and has one errata is now available.

Summary

This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues:

podman was updated to 3.4.4.

Security issues fixed:

- fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion
- fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port bound to all IPs
- fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as originating from localhost
- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2

Update to version 3.4.4:

* Bugfixes
  - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535).
  - Fixed a bug where named volumes created as part of container

References

#1176804 #1177598 #1181640 #1182998 #1188520 #1188914 #1193166 #1193273 SLE-22714

Cross-References: CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-3602 CVE-2021-4024 CVE-2021-41190

CVSS scores:

CVE-2020-14370 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2020-15157 (NVD) : 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

CVE-2020-15157 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

CVE-2021-20199 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2021-20199 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2021-20291 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2021-20291 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2022:23018-1
Rating: moderate
