Stay Secure with the Latest Linux Advisories

security advisoryFedorasecurity fix

Fedora 40: Security Fix For Netavark and Podman - CVE-2024-1753

Security fix for CVE-2024-1753 Automatic update for podman-5.0.0-1.fc40. Changelog for podman * Tue Mar 19 2024 Packit - 5:5.0.0-1 - [packit] 5.0.0 upstream release . -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-a267e93f8c 2024-03-27 00:14:45.218270 -------------------------------------------------------------------------------- Name : netavark Product : Fedora 40 Version : 1.10.3 Release : 3.fc40 URL : https://github.com/containers/netavark Summary : OCI network stack Description : OCI network stack Netavark is a rust based network stack for containers. It is being designed to work with Podman but is also applicable for other OCI container management applications. Netavark is a tool for configuring networking for Linux containers. Its features include: * Configuration of container networks via JSON configuration file * Creation and management of required network interfaces, including MACVLAN networks * All required firewall configuration to perform NAT and port forwarding as required for containers * Support for iptables and firewalld at present, with support for nftables planned in a future release * Support for rootless containers * Support for IPv4 and IPv6 * Support for container DNS resolution via aardvark-dns. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2024-1753 Automatic update for podman-5.0.0-1.fc40. Changelog for podman * Tue Mar 19 2024 Packit - 5:5.0.0-1 - [packit] 5.0.0 upstream release * Fri Mar 15 2024 Packit - 5:5.0.0~rc7-1 - [packit] 5.0.0-rc7 upstream release * Wed Mar 13 2024 Lokesh Mandvekar - 5:5.0.0~rc6-2 - Resolves: #2269148 - make passt a hard dep * Mon Mar 11 2024 Packit - 5:5.0.0~rc6-1 - [packit] 5.0.0-rc6 upstream release * Fri Mar 08 2024 Packit - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 05 2024 Packit - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release Automatic update for podman-5.0.0~rc7-1.fc40. Changelog for podman * Fri Mar 15 2024 Packit - 5:5.0.0~rc7-1 - [packit] 5.0.0-rc7 upstream release * Wed Mar 13 2024 Lokesh Mandvekar - 5:5.0.0~rc6-2 - Resolves: #2269148 - make passt a hard dep * Mon Mar 11 2024 Packit - 5:5.0.0~rc6-1 - [packit] 5.0.0-rc6 upstream release * Fri Mar 08 2024 Packit - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 05 2024 Packit - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release make passt and netavark hard dependencies for podman Automatic update for podman-5.0.0~rc6-1.fc40. Changelog for podman * Mon Mar 11 2024 Packit - 5:5.0.0~rc6-1 - [packit] 5.0.0-rc6 upstream release * Fri Mar 08 2024 Packit - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 05 2024 Packit - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray -5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release Automatic update for podman-5.0.0~rc5-1.fc40. Changelog for podman * Fri Mar 08 2024 Packit - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 05 2024 Packit - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release Automatic update for podman-5.0.0~rc4-1.fc40. Automatic update for podman-5.0.0~rc3-1.fc40. Removing podman 5.0.0-rc6 build to let the rest of this get past gating. We already have v5.0.0 bodhi for f40. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 20 2024 Lokesh Mandvekar - 0:1.10.3-3 - rebuild for podman 5 f40 bodhi * Wed Mar 13 2024 Lokesh Mandvekar - 0:1.10.3-2 - make aardvark-dns a hard dep across the board -------------------------------------------------------------------------------- References: [ 1 ] Bug #2265513 - CVE-2024-1753 buildah: full container escape at build time https://bugzilla.redhat.com/show_bug.cgi?id=2265513 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a267e93f8c' at the command line. For moreinformation, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Patch release and system update for Fedora's netavark and podman software mitigating CVE-2024-1753 vulnerability.. netavark security fix, Fedora updates, podman vulnerability management. . Severity: Important. LinuxSecurity.com Team

Mar 27, 2024 •Important Fedora