Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
89
security advisoryfedoracertificate authorityFedora 44 rust-webpki-root-certs Update Mozilla Trusted Certs 2026-0010-1
Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b8b59dcf44 2026-03-28 00:15:26.019955+00:00 -------------------------------------------------------------------------------- Name : rust-webpki-root-certs Product : Fedora 44 Version : 1.0.6 Release : 1.fc44 URL : https://crates.io/crates/webpki-root-certs Summary : Mozilla trusted certificate authorities in self-signed X.509 format Description : Mozilla trusted certificate authorities in self-signed X.509 format for use with crates other than webpki. -------------------------------------------------------------------------------- Update Information: Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included some breaking changes to TLS certificate verification. This update also includes updates for several of uv\u2019s Rust library dependencies. Update rust-openssl-probe to 0.2.1, including breaking changes introduced in 0.2.0, and introduce a new rust-openssl-probe0.1 compat package. Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2. Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option, added stack_from_pem, and upgraded openssl-probe to 0.2. Version0.2.17 added support for ALPN on the server side. Version 0.2.18 fixed min/max protocol selection fallback for very old OpenSSL versions. Add an initial package for rust-webpki-root-certs. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 25 2026 Benjamin A. Beasley - 1.0.6-1 - Initial package (close RHBZ#2451103) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425802 [ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425819 [ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432768 [ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432769 [ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432770 [ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432771 [ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432772 [ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432773 [ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432774 [ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432775 [ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432776 [ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432777 [ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 isavailable https://bugzilla.redhat.com/show_bug.cgi?id=2432779 [ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2436289 [ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437941 [ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437942 [ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437976 [ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439752 [ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450541 [ 20 ] Bug #2450582 - uv-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450582 [ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format https://bugzilla.redhat.com/show_bug.cgi?id=2451103 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Explore the latest updates on Mozilla trusted root certificates and associated changes in Fedora 44 Networking.. Fedora 44, rust-webpki-root-certs, uv, TLS changes, networking stack. . Severity: Important. LinuxSecurity.com Team
Mar 28, 2026
•Important
Fedora
203
security advisorytls certificateMageiaMageia 9: perl-CPAN & perl-HTTP-Tiny Security Updates MGASA-2025-0276
MGASA-2025-0276 - Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities. MGASA-2025-0276 - Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities Publication date: 12 Nov 2025 URL: https://advisories.mageia.org/MGASA-2025-0276.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-31484, CVE-2023-31486 Description: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486) References: - https://bugs.mageia.org/show_bug.cgi?id=31852 - https://www.openwall.com/lists/oss-security/2023/04/29/1 - https://www.cve.org/CVERecord?id=CVE-2023-31484 - https://www.cve.org/CVERecord?id=CVE-2023-31486 SRPMS: - 9/core/perl-CPAN-2.340.0-1.1.mga9 - 9/core/perl-HTTP-Tiny-0.82.0-1.1.mga9 . Updated perl-CPAN and perl-HTTP-Tiny address security issues with ignoring TLS certificate verification.. CVE-2023-31484, Mageia, perl-CPAN, perl-HTTP-Tiny, TLS security. . Severity: Critical. LinuxSecurity.com Team
Nov 12, 2025
•Critical
Mageia
100
security advisoryimportantSuSE LinuxSUSE Linux Micro: Fix for Podman TLS Certificate Issue CVE-2025-6032
* bsc#1239088 * bsc#1242132 * bsc#1245320 Cross-References: . # Security update for podman Announcement ID: SUSE-SU-2025:20805-1 Release Date: 2025-10-01T13:49:41Z Rating: important References: * bsc#1239088 * bsc#1242132 * bsc#1245320 Cross-References: * CVE-2025-6032 CVSS scores: * CVE-2025-6032 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-6032 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-6032 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320) * Fix conditional Requires (remove deprecated sle_version macro) * Update to version 5.4.2: * Add release notes for v5.4.2 * Fix a potential deadlock during `podman cp` * Improve the file format documentation of podman-import. * Revert "podman-import only supports gz and tar" * Bump buildah to v1.39.4 * libpod: do not cover idmapped mountpoint * test: Fix runc error message * oci: report empty exec path as ENOENT * test: adapt tests new crun error messages * test: remove duplicate test * cirrus: test only on f41/rawhide * CI: use z1d instance for windows machine testing * New images 2025-03-24 * test/e2e: use go net.Dial() ov nc * test: use ncat over nc * New images 2025-03-12 * RPM: Add riscv64 to ExclusiveArch-es * Fix HealthCheck log destination, count, and size defaults * Win installer test: hardcode latest GH release ID * Packit: Fix action script for fetching upstream commit * Bump to v5.4.2-dev * Bump to v5.4.1 * update gvproxy version to 0.8.4 * Update Buildah to v1.39.2 * Update release notes for v5.4.1 * Fix reporting summed image size for compat endpoint * podman-import only supports gzand tar * quadlet kube: correctly mark unit as failed * pkg/domain/infra/abi/play.go: fix two nilness issues * kube play: don't print start errors twice * libpod: race in WaitForConditionWithInterval() * libpod: race in WaitForExit() with autoremove * Don't try to resolve host path if copying to container from stdin. * Use svg for pkginstaller banner * Create quota before _data dir for volumes * Packit: clarify secondary status in CI * Packit/RPM: Display upstream commit SHA in all rpm builds * podman run: fix --pids-limit -1 wrt runc * vendor: update github.com/go-jose/go-jose/v3 to v3.0.4 * chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security] * wire up --retry-delay for artifact pull * Revert "silence false positve from golangci-lint" * update golangci-lint to v1.64.4 * update golangci-lint to v1.64.2 * silence false positve from golangci-lint * cmd/podman: refactor Context handling * fix new usetesting lint issue * Packit/Copr: Fix `podman version` in rpm * Remove persist directory when cleaning up Conmon files * Bump to v5.4.1-dev * Bump to v5.4.0 * Update release notes for v5.4.0 final * In SQLite state, use defaults for empty-string checks * Bump FreeBSD version to 13.4 * docs: add v5.4 to API reference * Update rpm/podman.spec * RPM: set buildOrigin in LDFLAG * RPM: cleanup macro defs * Makefile: escape BUILD_ORIGIN properly * rootless: fix hang on s390x * Set Cirrus DEST_BRANCH appropriately to fix CI * Bump to v5.4.0-dev * Bump to v5.4.0-rc3 * Update release notes for v5.4.0-rc3 * Add BuildOrigin field to podman info * artifact: only allow single manifest * test/e2e: improve write/removeConf() * Add --noheading to artifact ls * Add --no-trunc to artifact ls * Add type and annotations to artifact add * pkg/api: honor cdi devices from the hostconfig * util: replace Walk with WalkDir * fix(pkg/rootless): avoid memleak during init() contructor. * Add `machine init --playbook` * RPM:include empty check to silence rpmlint * RPM: adjust qemu dependencies * Force use of iptables on Windows WSL * rpm: add attr as dependency for podman-tests * update gvproxy version * [v5.4] Bump Buildah to v1.39.0 * podman exec: correctly support detaching * libpod: remove unused ExecStartAndAttach() * [v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0 * Move detection of libkrun and intel * Prevent two podman machines running on darwin * Remove unnecessary error handling * Remove usused Kind() function * Bump to v5.4.0-dev * Bump to v5.4.0-rc2 * Update release notes for v5.4.0-rc2 * Safer use of `filepath.EvalSymlinks()` on Windows * error with libkrun on intel-based machines * chore(deps): update dependency pytest to v8.3.4 * test/buildah-bud: skip two new problematic tests on remote * Fix podman-restart.service when there are no containers * Avoid upgrading from v5.3.1 on Windows * Clean up after unexpectedly terminated build * system-tests: switch ls with getfattr for selinux tests * vendor latest c/{buildah,common,image,storage} * Makefile: Add validatepr description for 'make help' output * docs: Enhance podman build --secret documentation and add examples * docs: mount.md - idmapped mounts only work for root user * Define, and use, PodmanExitCleanlyWithOptions * Eliminate PodmanSystemdScope * Fix image ID query * Revert "Use the config digest to compare images loaded/pulled using different methods" * Update c/image after https://github.com/containers/image/pull/2613 * Update expected errors when pulling encrypted images * Eliminate PodmanExtraFiles * Introduce PodmanTestIntegration.PodmanWithOptions * Restructure use of options * Inline PodmanBase into callers * Pass all of PodmanExecOptions to various [mM]akeOptions functions * Turn PodmanAsUserBase into PodmanExecBaseWithOptions * Avoid indirect links through quadlet(5) * do not set the CreateCommand for API users * Add podman manifest rm --ignore * Bump to v5.4.0-dev * Bump to v5.4.0-rc1 * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2 * podman artifact * vendor latest c/{common,image,storage} * fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2 * cirrus: bump macos machine test timeout * pkg/machine/e2e: improve podman.exe match * pkg/machine/e2e: improve "list machine from all providers" * Remove JSON tag from UseImageHosts in ContainerConfig * Set network ID if available during container inspect * Stop creating a patch for v5.3.1 upgrades on windows * compose docs: fix typo * Document kube-play CDI support * docs: Add quadlet debug method systemd-analyze * Replace instances of PodmanExitCleanly in play_kube_test.go * docs: add 'initialized' state to status filters * fix(deps): update module google.golang.org/protobuf to v1.36.3 * Switch all calls of assert.Nil to assert.NoError * Add --no-hostname option * Fix unescaping octal escape sequence in values of Quadlet unit files * Remove `.exe` suffix if any * Add kube play support for CDI resource allocation * add support to `;` for comments in unit files as per systemd documentation * Use PodmanExitCleanly in attach_test.go * Introduce PodmanTestIntegration.PodmanExitCleanly * chore(deps): update dependency setuptools to ~=75.8.0 * Add newer c/i to support artifacts * fix(deps): update module golang.org/x/tools to v0.29.0 * fix(deps): update module golang.org/x/net to v0.34.0 * specgenutil: Fix parsing of mount option ptmxmode * namespaces: allow configuring keep-id userns size * Update description for completion * Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless * Document .build for Image .container option * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1 * New VM Images * update golangci/golangci-lint to v1.63.4 * fix(deps): update module google.golang.org/protobuf to v1.36.2 * chore(deps): update dependencysetuptools to ~=75.7.0 * Fixing ~/.ssh/identity handling * vendor latest c/common from main * fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12 * fix(deps): update module github.com/opencontainers/runc to v1.2.4 * specgen: fix comment * Add hint to restart Podman machine to really accept new certificates * fix(deps): update module github.com/onsi/gomega to v1.36.2 * fix(deps): update module github.com/moby/term to v0.5.2 * Pass container hostname to netavark * Fix slirp4netns typo in podman-network.1.md * Add support to ShmSize in Pods with Quadlet * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1 * chore(deps): update module golang.org/x/crypto to v0.31.0 [security] * fix(deps): update module golang.org/x/net to v0.33.0 [security] * Kube volumes can not container _ * fix(deps): update module github.com/docker/docker to v27.4.1+incompatible * test/system: fix "podman play --build private registry" error * test/system: CopyDirectory() do not chown files * test/system: remove system dial-stdio test * shell completion: respect CONTAINERS_REGISTRIES_CONF * fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6 * When generating host volumes for k8s, force to lowercase * test: enable newly added test * vfkit: Use 0.6.0 binary * gvproxy: Use 0.8.1 binary * systemd: simplify parser and fix infinite loop * Revert "win-installer test: revert to v5.3.0" * Avoid rebooting twice when installing WSL * Avoid rebooting on Windows when upgrading and WSL isn't installed * Add win installer patch * Bump WiX toolset version to 5.0.2 * test/e2e: SkipOnOSVersion() add reason field * test/e2e: remove outdated SkipOnOSVersion() calls * Update VM images * fix(deps): update module golang.org/x/crypto to v0.31.0 [security] * fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0 * fix(deps): update module github.com/opencontainers/runc to v1.2.3 * quadlet: fix inter-dependency of containers in `Network=` * Addman pages to Mac installer * fix(deps): update module github.com/onsi/gomega to v1.36.1 * fix(deps): update module github.com/docker/docker to v27.4.0+incompatible * Fix device limitations in podman-remote update on remote systems * Use latest version of VS BuildTools * bin/docker: fix broken escaping and variable substitution * manifest annotate: connect IndexAnnotations * Fix panic in `manifest annotate --index` * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5 * fix(deps): update module golang.org/x/net to v0.32.0 * fix(deps): update module golang.org/x/tools to v0.28.0 * fix(deps): update module golang.org/x/crypto to v0.30.0 * fix(deps): update module golang.org/x/sys to v0.28.0 * Fix overwriting of LinuxResources structure in the database * api: replace inspectID with name * fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563 * Replace ExclusiveArch with ifarch * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1 * Improve platform specific URL handling in `podman compose` for machines * Fix `podman info` with multiple imagestores * Switch to fixed common * refact: use uptime.minutes instead of uptime.seconds * fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11 * fix(deps): update golang.org/x/exp digest to 2d47ceb * fix(deps): update github.com/godbus/dbus/v5 digest to c266b19 * Cover Unix socket in inpect test on Windows platform * Add a test for forcing compression and v2s2 format * fix(deps): update module github.com/crc-org/vfkit to v0.6.0 * Package podman-machine on supported architectures only. * Fixes missing binary in systemd. * stats: ignore errors from containers without cgroups * api: Error checking before NULL dereference * [skip-ci] Packit/copr: switch to fedora-all * make remotesystem: fail early if serial tests fail * spec: clamp rlimits without CAP_SYS_RESOURCE * Clarify the reason for skip_if_remote * Sanity-check that the test isreally using partial pulls * Fix apparent typos in zstd:chunked tests * Fix compilation issues in QEMU machine files (Windows platform) * Mount volumes before copying into a container * Revert "libpod: remove shutdown.Unregister()" * docs: improve documentation for internal networks * docs: document bridge mode option * [skip-ci] Packit: remove epel and re-enable c9s * chore(deps): update dependency golangci/golangci-lint to v1.62.2 * vendor: update containers/common * OWNERS: remove edsantiago * fix(deps): update module github.com/onsi/gomega to v1.36.0 * fix(deps): update github.com/containers/common digest to ceceb40 * refact: EventerType and improve consistency * Add --hosts-file flag to container and pod commands * Add nohosts option to /build and /libpod/build * fix(deps): update module github.com/stretchr/testify to v1.10.0 * Quadlet - Use = sign when setting the pull arg for build * win-installer test: revert to v5.3.0 * fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0 * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0 * chore(deps): update dependency setuptools to ~=75.6.0 * Update windows installer tests * Windows: don't install WSL/HyperV on update * Switch to non-installing WSL by default * fix(deps): update github.com/containers/buildah digest to 52437ef * Configure HealthCheck with `podman update` * CI: --image-volume test: robustify * docs: add 5.3 as Reference version * Bump CI VMs * libpod: pass down NoPivotRoot to Buildah * vendor: bump containers/buildah * fix(deps): update module github.com/opencontainers/runc to v1.2.2 * Overlay mounts supersede image volumes & volumes-from * libpod: addHosts() prevent nil deref * only read ssh_config for non machine connections * ssh_config: allow IdentityFile file with tilde * ssh_config: do not overwrite values from config file * connection: ignore errors when parsing ssh_config * Bump bundled krunkit to 0.1.4 * fix(deps): update modulegoogle.golang.org/protobuf to v1.35.2 * add support for driver-specific options during container creation * doc: fix words repetitions * Update release notes on main for v5.3.0 * chore(deps): update dependency setuptools to ~=75.5.0 * CI: system tests: parallelize 010 * fix podman machine init --ignition-path * vendor: update containers/common * spec: clamp rlimits in a userns * Add subpath support to volumes in `--mount` option * refactor: simplify LinuxNS type definition and String method * test/e2e: remove FIPS test * vendor containers projects to tagged versions * fix(deps): update module github.com/moby/sys/capability to v0.4.0 * chore(deps): update dependency setuptools to ~=75.4.0 * system tests: safer install_kube_template() * Buildah treadmill tweaks * update golangci-lint to v1.62.0 * fix(deps): update module golang.org/x/net to v0.31.0 * fix(deps): update module golang.org/x/tools to v0.27.0 * Revert "Reapply "CI: test nftables driver on fedora"" * Yet another bump, f41 with fixed kernel * test: add zstd:chunked system tests * pkg/machine/e2e: remove dead code * fix(deps): update module golang.org/x/crypto to v0.29.0 * kube SIGINT system test: fix race in timeout handling * New `system connection add` tests * Update codespell to v2.3.0 * Avoid printing PR text to stdout in system test * Exclude symlink from pre-commit end-of-file-fixer * api: Add error check * [CI:ALL] Bump main to v5.4.0-dev * test/buildah-bud: build new inet helper * test/system: add regression test for TZDIR local issue * vendor latest c/{buildah,common,image,storage} * Reapply "CI: test nftables driver on fedora" * Revert "cirrus: test only on f40/rawhide" * test f41 VMs * AdditionalSupport for SubPath volume mounts * wsl-e2e: Add a test to ensure port 2222 is free with usermode networking * winmake.ps1: Fix the syntax of the function call Win-SSHProxy * volume ls: fix race that caused it to fail * gvproxy: Disable port-forwarding on WSL * build:update gvisor-tap-vsock to 0.8.0 * podman: update roadmap * Log network creation and removal events in Podman * libpod: journald do not lock thread * Add key to control if a container can get started by its pod * Honor users requests in quadlet files * CI: systests: workaround for parallel podman-stop flake * Fix inconsistent line ending in win-installer project * fix(deps): update module github.com/opencontainers/runc to v1.2.1 * Quadlet - support image file based mount in container file * API: container logs flush status code * rework event code to improve API errors * events: remove memory eventer * libpod: log file use Wait() over event API * Makefile: vendor target should always remove toolchain * cirrus: check consitent vendoring in test/tools * test/tools/go.mod: remove toolchain * fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.10 * fix(deps): update module github.com/onsi/gomega to v1.35.1 * doc: explain --interactive in more detail * fix(deps): update golang.org/x/exp digest to f66d83c * fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a * fix(deps): update github.com/linuxkit/virtsock digest to cb6a20c * add default polling interval to Container.Wait * Instrument cleanup tracer to log weird volume removal flake * make podman-clean-transient.service work as user * Add default remote socket path if empty * Use current user if no user specified * Add support for ssh_config for connection * libpod: use pasta Setup() over Setup2() * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.21.0 * fix(deps): update module github.com/onsi/gomega to v1.35.0 * logformatter: add cleanup tracer log link * docs: fix broken example * docs: add missing swagger links for the stable branches * readthedocs: build extra formats * pkg/machine/e2e: remove debug * fix(docs): Integrate pasta in rootless tutorial * chore(deps): update dependency setuptools to ~=75.3.0 * libpod: report cgroups deleted duringStat() call * chore: fix some function names in comment * CI: parallelize 450-interactive system tests * CI: parallelize 520-checkpoint tests * CI: make 070-build.bats use safe image names * test/system: add podman network reload test to distro gating * System tests: clean up unit file leaks * healthcheck: do not leak service on failed stop * healthcheck: do not leak statup service * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.0 * Add Startup HealthCheck configuration to the podman inspect * buildah version display: use progress() * new showrun() for displaying and running shell commands * Buildah treadmill: redo the .cirrus.yml tweaks * Buildah treadmill: more allow-empty options * Buildah treadmill: improve test-failure instructions * Buildah treadmill: improve wording in test-fail instructions * doc: Remove whitespace before comma * fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.3.0 * ps: fix display of exposed ports * ps: do not loop over port protocol * readme: Add reference to pasta in the readme * test/system: Fix spurious "duplicate tests" failures in pasta tests * Improve "podman load - from URL" * Try to repair c/storage after removing an additional image store * Use the config digest to compare images loaded/pulled using different methods * Simplify the additional store test * Fix the store choice in "podman pull image with additional store" * Bump to v5.3.0-dev * Bump to v5.3.0-rc1 * Set quota on volume root directory, not _data * fix(deps): update module github.com/opencontainers/runc to v1.2.0 * test: set soft ulimit * Vagrantfile: Delete * Enable pod restore with crun * vendor: update c/{buildah,common,image,storage} * Fix 330-corrupt-images.bats in composefs test runs * quadlet: add default network dependencies to all units * quadlet: ensure user units wait for the network * add new podman-user-wait-network-online.service * contrib/systemd: switch usersymlink for file symlinks * Makefile: remove some duplication from install.systemd * contrib/systemd: move podman-auto-update units * quadlet: do not reject RemapUsers=keep-id as root * test/e2e: test quadlet with and without --user * CI: e2e: fix checkpoint flake * APIv2 test fix: image history * pasta udp tests: new bytecheck helper * Document packaging process * [skip-ci] RPM: remove dup Provides * Update dependency setuptools to ~=75.2.0 * System tests: safer pause-image creation * Update module github.com/opencontainers/selinux to v1.11.1 * Added escaping to invoked powershell command for hyperv stubber. * use slices.Clone instead of assignment * libpod API: only return exit code without conditions * Housekeeping: remove duplicates from success_task * Thorough overhaul of CONTRIBUTING doc. * api: Replace close function in condition body * test/e2e: fix default signal exit code test * Test new VM build * CI: fix changing-rootFsSize flake * scp: add option types * Unlock mutex before returning from function * Note in the README that we are moving to timed releases * cirrus: let tar extract figure out the compression * Make error messages more descriptive * Mention containers.conf settings for podman machine commands * [skip-ci] Packit: re-enable CentOS Stream 10/Fedora ELN teasks" * cmd: use logrus to print error * podman: do not set rlimits to the default value * spec: always specify default rlimits * vendor: update containers/common * Note in the README that we are moving to timed releases * Revert "CI: test nftables driver on fedora" * cirrus: use zstd over bzip2 for repo archive * cirrus: use shared repo_prep/repo_artifacts scripts * cirrus: speed up postbuild * cirrus: change alt arch task to only compile binaries * cirrus: run make with parallel jobs where useful * Makefile: allow man-page-check to be run in parallel * cirrus: use fastvm for builds * test/e2e: skip some Containerized checkpoint tests * test: updatetimezone checks * cirrus: update CI images * test/e2e: try debug potential pasta issue * CI: quadlet system tests: use airgapped testimage * Allow removing implicit quadlet systemd dependencies * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4 * libpod API: make wait endpoint better against rm races * podman-remote run: improve how we get the exit code * [skip-ci] Packit: constrain koji and bodhi jobs to fedora package to avoid dupes * 055-rm test: clean up a test, and document * CI: remove skips for libkrun * Bump bundled krunkit to 0.1.3 * fix(deps): update module google.golang.org/protobuf to v1.35.0 * fix(deps): update module golang.org/x/net to v0.30.0 * server: fix url parsing in info * fix(deps): update module golang.org/x/tools to v0.26.0 * Makefile: fix ginkgo FOCUS option * fix(deps): update module golang.org/x/crypto to v0.28.0 * podman-systemd.unit.5: adjust example options * docs: prefer --network to --net * fix(deps): update module golang.org/x/term to v0.25.0 * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.24 * fix(deps): update module golang.org/x/sys to v0.26.0 * OWNERS file audit and update * Exposed ports are only included when not --net=host * libpod: hasCurrentUserMapped checks for gid too * [CI:DOCS] Document TESTFLAGS in test README file * Validate the bind-propagation option to `--mount` * Fix typo in secret inspect examples * Mention `no_hosts` and `base_hosts_file` configs in CLI option docs * Fixes for vendoring Buildah * vendor: update buildah to latest * Makefile - silence skipped tests when focusing on a file * vendor: update to latest c/common * Quadlet - prefer "param val" over "param=val" to allow env expansion * System tests: sdnotify: wait for socket file creation * Switch to moby/sys/capability * platformInspectContainerHostConfig: rm dead code * CI: require and test CI_DESIRED_NETWORK on RHEL * Add ExposedPorts to Inspect's ContainerConfig * fix(deps):update golang.org/x/exp digest to 701f63a * quadlet: allow variables in PublishPort * fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.9 * fix(deps): update github.com/godbus/dbus/v5 digest to a817f3c * Document that zstd:chunked is downgraded to zstd when encrypting * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3 * chore(deps): update dependency ubuntu to v24 * rpm: do not load iptables modules on f41+ * adding docs for network-cmd-path * Include exposed ports in inspect output when net=host * feat(libpod): support kube play tar content-type (#24015) * podman mount: some better error wrapping * podman mount: ignore ErrLayerUnknown * Quadlet - make sure the order of the UnitsDir is deterministic * packit: disable Centos Stream/fedora ELN teasks * libpod: remove shutdown.Unregister() * libpod: rework shutdown handler flow * libpod: ensure we are not killed during netns creation * Update module github.com/moby/sys/capability to v0.3.0 * Update documentation of `--no-hosts`, `--hostname`, and `--name` CLI options * Update documentation of `--add-host` CLI option * System tests: set a default XDG_RUNTIME_DIR * Modify machine "Remove machine" test * CORS system test: clean up * Add --health-max-log-count, --health-max-log-size, --health-log-destination flags * troubleshooting: adjust home path in tip 44 * test/system: For pasta port forwarding tests don't bind socat server * Update connection on removal * Simplify `RemoveConnections` * Move `DefaultMachineName` to `pkg/machine/define` * vendor: update containers/image * vendor: update containers/storage * CI: skip the flaking quadlet test * CI: make systemd tests parallel-safe (*) * CI: run and collect cleanup tracer logs * add epbf program to trace podman cleanup errors * CI: parallelize logs test as much as possible * CI: format test: use local registry if available * CI: make 700-play parallel-safe * docs: Fix missing negation * bin/dockersupport warning message suppression from user config dir * Update module github.com/docker/docker to v27.3.1+incompatible * Quadlet - add full support for Symlinks * libpod: setupNetNS() correctly mount netns * vendor latest c/common * docs: remove usage of deprecated `--storage` * Update module github.com/docker/docker to v27.3.0+incompatible * CI: Quadlet rootfs test: use container image as rootfs * CI: system test registry: use --net=host * CI: rm system test: bump grace period * CI: system tests: minor documentation on parallel * fix typo in error message Fixes: containers/podman#24001 * CI: system tests: always create pause image * CI: quadlet system test: be more forgiving * vendor latest c/common * CI: make 200-pod parallel-safe * allow exposed sctp ports * test/e2e: add netns leak check * test/system: netns leak check for rootless as well * test/system: Improve TODO comments on IPv6 pasta custom DNS forward test * test/system: Clarify "Local forwarder" pasta tests * test/system: Simplify testing for nameserver connectivity * test/system: Consolidate "External resolver" pasta tests * test/system: Move test for default forwarder into its own case * CI: make 090-events parallel-safe * Misc minor test fixes * Add network namespace leak check * Add workaround for buildah parallel bug * registry: lock start attempts * Update system test template and README * bats log: differentiate parallel tests from sequential * ci: bump system tests to fastvm * clean_setup: create pause image * CI: make 012-manifest parallel-safe * podman-manifest-remove: update docs and help output * test/system: remove wait workaround * wait: fix handling of multiple conditions with exited * Match output of Compat Top API to Docker * system test parallelization: enable two-pass approach * New VMs: test crun 1.17 * libpod: hides env secrets from container inspect * CI: e2e: workaround for events out-of-sequence flake * update golangci-lint to 1.61.0 *libpod: convert owner IDs only with :idmap * Podman CLI --add-host with multiple host for a single IP * Quadlet - Split getUnitDirs to small functions * fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.5 * chore(deps): update dependency setuptools to ~=75.1.0 * Fxi typo in cache-ttl.md * Get WSL disk as an OCI artifact * CI: make 260-sdnotify parallel-safe * quadlet: do not log ENOENT errors * pkg/specgen: allow pasta when running inside userns * troubleshooting: add tip about the user containers * chore(deps): update dependency setuptools to v75 * Convert windows paths in volume arg of the build command * Improve error when starting multiple machines * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2 * Minor typo noticed when reading podman man page * Remove `RemoveFilesAndConnections` * Add `GetAllMachinesAndRootfulness` * rewrite typo osascript * typo * fix(deps): update module github.com/docker/docker to v27.2.1+incompatible * Add radio buttons to select WSL or Hyper-V in windows setup.exe * [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets * [skip-ci] Packit: Enable sidetags for bodhi updates * vendor: update c/common * CI: make 710-kube parallel-safe * CI: mark 320-system-df _NOT_ parallel safe * Add kube play support for image volume source * refactor: add sshClient function * fix(deps): update module golang.org/x/tools to v0.25.0 * CI: make 505-pasta parallel safe * CI: make 020-tag parallel-safe * CI: make 410-selinux parallel-safe * Bump VMs. ShellCheck is now built-in * troubleshooting: add tip about auto, keep-id, nomap * libpod: make use of new pasta option from c/common * vendor latest c/common * podman images: sort repository with tags * Remove containers/common/pkg/config from pkg/util * fix(deps): update module golang.org/x/net to v0.29.0 * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.23 * fix(deps): update module golang.org/x/cryptoto v0.27.0 * Fix CI * Detect and fix typos using codespell * Fix typo: replace buildin with built-in * Add codespell config, pre-commit definition, and move options from Makefile * prune: support clearing build cache using CleanCacheMount * test/e2e: fix network prune flake * Add support for Job to kube generate & play * Add podman-rootless.7 man page * Add DNS, DNSOption and DNSSearch to quadlet pod * podman.1.md: improve policy.json section * e2e: flake fix: SIGPIPE in hook test * libpod: fix rootless cgroup path with --cgroup-parent * vendor: update c/storage * CI: make 055-rm parallel-safe * CI: make 130-kill parallel-safe * CI: make 125-import parallel-safe * CI: make 110-history parallel-safe * CI: system tests: parallelize low-hanging fruit * Add disclaimer to `podman machine info` manpage. * man pages: refactor two more options * update github.com/opencontainers/runc to v1.2.0-rc.3 * update go.etcd.io/bbolt to v1.3.11 * update github.com/onsi/{ginkgo,gomega} * Update module github.com/shirou/gopsutil to v4 * packit: update fedora and epel targets * bump go to 1.22 * cirrus: test only on f40/rawhide * cirrus: remove CI_DESIRED_NETWORK reference * cirrus: prebuild use f40 for extra tests * chore(deps): update dependency setuptools to ~=74.1.0 * libpod: fix HostConfig.Devices output from 'podman inspect' on FreeBSD * fix(deps): update golang.org/x/exp digest to 9b4947d * Implement publishing API UNIX socket on Windows platforms * Vendor c/common:8483ef6022b4 * quadlet: support container network reusing * docs: update read the docs changes * CI: parallel-safe network system test * Quadlet - Support multiple image tags in .build files * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.3 * cirrus: remove _bail_if_test_can_be_skipped * cirrus: move renovate check into validate * cirrus: remove 3rd party connectivity check * cirrus: remove cross jobs for aarch64 and x86_64 * cirrus: do not upload alt arch crossartifacts * cirrus: remove ginkgo-e2e.json artifact * cirrus: fix default timeouts * github: remove fcos-podman-next-build-prepush * Clarify podman machine volume mounting behavior under WSL * machine: Add -all-providers flag to machine list * Create a podman-troubleshooting man page * chore(deps): update dependency setuptools to v74 * fix(deps): update module github.com/docker/docker to v27.2.0+incompatible * Fix an improperly ignored error in SQLite * CI: flake workaround: ignore socat waitpid warnings * fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.1 * Stop skipping machine volume test on Hyper-V * cleanup: add new --stopped-only option * fix races in the HTTP attach API * cirrus: skip windows/macos machine task on RHEL branches * Update module github.com/containers/gvisor-tap-vsock to v0.7.5 * run: fix detach passthrough and --rmi * podman run: ignore image rm error * Add support for AddHost in quadlet .pod and .container * [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3 * update github.com/vishvananda/netlink to v1.3.0 * build: Update gvisor-tap-vsock to 0.7.5 * Quote systemd DefaultEnvironment Proxy values, as documented in systemd.conf man page: * fix typo in podman-network-create.1.md * Use HTTP path prefix of TCP connections to match Docker context behavior * Makefile: remotesystem: use real podman server, no --url * Update module github.com/openshift/imagebuilder to v1.2.15 * CI: parallel-safe userns test * Update module github.com/onsi/ginkgo/v2 to v2.20.1 * Add support for IP in quadlet .pod files * Specify format to use for referencing fixed bugs. * CI: parallel-safe run system test * Revert "test/e2e: work around for pasta issue" * CI: On vX.Y-rhel branches, ensure that some downstream Jira issue is linked * quadlet: support user mapping in pod unit * Update Release Process * Test new VM build * command is not optional to podman exec * CI: parallel-safe namespacessystem test * [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2 * quadlet: add key CgroupsMode * Fix `podman stop` and `podman run --rmi` * quadlet: set infra name to %s-infra * chore(deps): update dependency setuptools to v73 * [skip-ci] Packit: update targets for propose-downstream * Do not segfault on hard stop * Fix description of :Z to talk about pods * CI: disable ginkgo flake retries * vendor: update go-criu to latest * golangci-lint: make darwin linting happy * golangci-lint: make windows linting happy * test/e2e: remove kernel version check * golangci-lint: remove most skip dirs * set !remote build tags where needed * update golangci-lint to 1.60.1 * test/e2e: rm systemd start test * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.1 * podman wait: allow waiting for removal of containers * libpod: remove UpdateContainerStatus() * podman mount: fix storage/libpod ctr race * CI: quadlet tests: make parallel-safe * CI: system tests: make random_free_port() parallel-safe * remove trailing comma in example * CI: format test: make parallel-safe * Fix podman-docker.sh under -eu shells (fixes #23628) * docs: update podman-wait man page * libpod: remove duplicated HasVolume() check * podman volume rm --force: fix ABBA deadlock * test/system: fix network cleanup restart test * libpod: do not stop pod on init ctr exit * libpod: simplify WaitForExit() * CI: remove build-time quay check * Fix known_hosts file clogging and remote host id * Update docker.io/library/golang Docker tag to v1.23 * Update dependency setuptools to ~=72.2.0 * Update module github.com/docker/docker to v27.1.2+incompatible * healthcheck system check: reduce raciness * CI: healthcheck system test: make parallel-safe * Validate renovate config in every PR * pkg/machine: Read stderr from ssh-keygen correctly * Fix renovate config syntax error * CI: 080-pause.bats: make parallel-safe * CI: 050-stop.bats: make parallel-safe *Additional potential race condition on os.Readdir * pkg/bindings/containers: handle ignore for stop * remote: fix invalid --cidfile + --ignore * Update/simplify renovate config header comment * Migrate renovate config to latest schema * Fix race condition when listing /dev * docs/podman-systemd: Try to clarify `Exec=` more * libpod: reset state error on init * test/system: pasta_test_do add explicit port check * test/e2e: work around new push warning * vendor: update c/common to latest * stopIfOnlyInfraRemains: log all errors * libpod: do not save expected stop errors in ctr state * libpod: fix broken saveContainerError() * Quadlet: fix filters failure when the search paths are symlinks * readme: replace GPG with PGP * Drop APIv2 CNI configuration * De-duplicate docker-py testing * chore(podmansnoop): explain why crun comm is 3 * libpod: cleanupNetwork() return error * fix(deps): update module golang.org/x/sys to v0.24.0 * Reduce python APIv2 test net dependency * Fix not testing registry.conf updates * test/e2e: improve command timeout handling * Update module github.com/onsi/ginkgo/v2 to v2.20.0 * Update module github.com/moby/sys/user to v0.3.0 * Add passwd validate and generate steps * podman container cleanup: ignore common errors * Quadlet - Allow the user to override the default service name * CI: e2e: serialize root containerPort tests * Should not force conversion of manifest type to DockerV2ListMediaType * fix(deps): update module golang.org/x/tools to v0.24.0 * fix(deps): update github.com/containers/common digest to 05b2e1f * CI: mount system test: parallelize * Update module golang.org/x/net to v0.28.0 * Ignore ERROR_SHARING_VIOLATION error on windows * CI: manifest system tests: make parallel-safe * Create volume path before state initialization * vendor: update c/storage * CI: fix broken libkrun test * test/e2e: work around for pasta issue * test/e2e: fix missing exit code checks * Test new CI images * Removeanother race condition when mounting containers or images * fix(deps): update github.com/containers/common digest to c0cc6b7 * Change Windows installer MajorUpgrade Schedule * Ignore missing containers when calling GetExternalContainerLists * Remove runc edit to lock to specific version * fix(deps): update module golang.org/x/sys to v0.23.0 * CI: podman-machine: do not use cache registry * CI: completion system test: use safename * Temporarly disable failing Windows Installer CI test * libpod: fix volume copyup with idmap * libpod: avoid hang on errors * Temp. disable PM basic Volume ops test * Add libkrun Mac task * Never skip checkout step in release workflow * System tests: leak_test: readable output * fix(deps): update github.com/docker/go-plugins-helpers digest to 45e2431 * vendor: bump c/common * Version: bump to v5.3.0-dev * libpod: inhibit SIGTERM during cleanup() * Tweak versions in register_images.go * fix network cleanup flake in play kube * WIP: Fixes for vendoring Buildah * Add --compat-volumes option to build and farm build * Bump to Buildah v1.37.0 * Quadlet test - Split between success, warning and error cases * libpod: bind ports before network setup * Disable compose-warning-logs if PODMAN_COMPOSE_WARNING_LOGS=false * Use new syntax for selinux options in quadlet * fix(deps): update module github.com/onsi/gomega to v1.34.1 * CI: kube test: fix broken external-storage test * Update dependency setuptools to v72 * Convert additional build context paths on Windows * pkg/api: do not leak config pointers into specgen * Quadlet - Allow the user to set the service name for .pod files * Quadlet tests - allow overriding the expected service name * fix(deps): update module github.com/moby/sys/user to v0.2.0 * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5 * CI: enable root user namespaces * libpod: force rootfs for OCI path with idmap * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1 * Add teststeps for automount with multi images * CI: cp tests: use safename * [skip-ci] RPM: podman-iptables.conf only on Fedora * CI: 700-play: fix a leaked non-safename * test: check that kube generate/play restores the userns * test: disable artifacts cache with composefs * test: fix podman pull tests * vendor: bump c/storage * Update module github.com/cyphar/filepath-securejoin to v0.3.1 * Add /run/containers/systemd, ${XDG_RUNTIME_DIR}/containers/systemd quadlet dirs * build: Update gvisor-tap-vsock to 0.7.4 * test/system: fix borken pasta interface name checks * test/system: fix bridge host.containers.internal test * api: honor the userns for the infra container * play: handle 'private' as 'auto' * kube: record infra user namespace * infra: user ns annotation higher precedence * specgenutil: record the pod userns in the annotations * kube: invert branches * CI: system log test: use safe names * Update encryption tests to avoid a warning if zstd:chunked is the default * Fix "podman pull and decrypt"/"from local registry" * Use unique image names for the encrypted test images * CI: system tests: instrument to allow failure analysis * Fix outdated comment for the build step win-gvproxy * Add utility to convert VMFile to URL for UNIX sockets * Run codespell on source * fix(deps): update module github.com/docker/docker to v27.1.0+incompatible * chore(deps): update dependency setuptools to ~=71.1.0 * logformatter: tweaks to pass html tidy * More information for podman --remote build and running out of space. * Fix windows installer deleting machine provider config file * Use uploaded .zip for Windows action * pr-should-include-tests: no more CI:DOCS override * Depend on runc unconditionally, not only on SLE 15 (bsc#1239088) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro6.1 zypper in -t patch SUSE-SLE-Micro-6.1-292=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * podman-remote-5.4.2-slfo.1.1_1.1 * podmansh-5.4.2-slfo.1.1_1.1 * podman-debuginfo-5.4.2-slfo.1.1_1.1 * podman-5.4.2-slfo.1.1_1.1 * podman-remote-debuginfo-5.4.2-slfo.1.1_1.1 * SUSE Linux Micro 6.1 (noarch) * podman-docker-5.4.2-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-6032.html * https://bugzilla.suse.com/show_bug.cgi?id=1239088 * https://bugzilla.suse.com/show_bug.cgi?id=1242132 * https://bugzilla.suse.com/show_bug.cgi?id=1245320 . Critical SUSE Linux Micro update for podman addressing important security issues affecting TLS verification.. SUSE Linux Micro, podman, security update, TLS certificate, Linux security. . Severity: Important. LinuxSecurity.com Team
Oct 14, 2025
•Important
SuSE
202
security advisoryimportantOpenSUSEopenSUSE: Podman Important TLS Certificate Issue Fixed CVE-2025-6032
An update that solves one vulnerability can now be installed.. # Security update for podman Announcement ID: SUSE-SU-2025:02808-1 Release Date: 2025-08-15T12:51:31Z Rating: important References: * bsc#1245320 Cross-References: * CVE-2025-6032 CVSS scores: * CVE-2025-6032 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-6032 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-6032 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: * Containers Module 15-SP6 * Containers Module 15-SP7 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2808=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2808=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-2808=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2808=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-2808=1 * Containers Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-2808=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-2808=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2808=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2808=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 * podman-debuginfo-4.9.5-150500.3.46.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * podman-docker-4.9.5-150500.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 * podman-debuginfo-4.9.5-150500.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.46.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 * podman-debuginfo-4.9.5-150500.3.46.1 * openSUSE Leap 15.5 (noarch) * podman-docker-4.9.5-150500.3.46.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 *podman-debuginfo-4.9.5-150500.3.46.1 * openSUSE Leap 15.6 (noarch) * podman-docker-4.9.5-150500.3.46.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 * podman-debuginfo-4.9.5-150500.3.46.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * podman-docker-4.9.5-150500.3.46.1 * Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 * podman-debuginfo-4.9.5-150500.3.46.1 * Containers Module 15-SP6 (noarch) * podman-docker-4.9.5-150500.3.46.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 * podman-debuginfo-4.9.5-150500.3.46.1 * Containers Module 15-SP7 (noarch) * podman-docker-4.9.5-150500.3.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 * podman-debuginfo-4.9.5-150500.3.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * podman-remote-debuginfo-4.9.5-150500.3.46.1 * podmansh-4.9.5-150500.3.46.1 * podman-remote-4.9.5-150500.3.46.1 * podman-4.9.5-150500.3.46.1 * podman-debuginfo-4.9.5-150500.3.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.46.1 ## References: * https://www.suse.com/security/cve/CVE-2025-6032.html *https://bugzilla.suse.com/show_bug.cgi?id=1245320 . An important SUSE update resolves a critical TLS certificate verification issue in Podman, mitigating exploitation risks.. TLS Fix,SUSE Podman Update,Critical Security Update,Patching Process. . Severity: Important. LinuxSecurity.com Team
Aug 15, 2025
•Important
OpenSUSE
98
security advisorymoderatered hatRed Hat: RHSA-2016:1166-01 Moderate: Python27 TLS Issue and DoS Fix
Updated python27 packages are now available as a part of Red Hat Software Collections 2.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: python27 security, bug fix, and enhancement update Advisory ID: RHSA-2016:1166-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2016:1166 Issue date: 2016-05-31 CVE Names: CVE-2013-2099 CVE-2013-7440 ==================================================================== 1. Summary: Updated python27 packages are now available as a part of Red Hat Software Collections 2.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Python is an interpreted,interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectorsfor MySQL and PostgreSQL. Security Fix(es): The following fix was applied to the python component: * The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1311044, BZ#1319774) The following fix was applied to the python-pymongo component: * A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. (CVE-2013-2099) The following fix was applied to the python-pymongo and python-virtualenv components: * Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC 6125 recommendations. (CVE-2013-7440) The CVE-2013-2099 issue was discovered by Florian Weimer (Red Hat Product Security). Bug Fix(es) and Enhancement(s): The python27 Software Collectionhas been updated to a later version, which provides a number of bug fixes and enhancements over the previous version. Among others: * The python27-PyYAML package has been added, which contains a Python YAML module. PyYAML is a YAML parser and emitter for Python; it is applicable for a broad range of tasks from complex configuration files to object serialization and persistance. * Network security enhancements, described in the Python Enhancent Proposal 466, have been backported to the Python standard library. The security enhancements include, for example, new features in the ssl module, such as support for Server Name Indication (SNI) as well as support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and much more. * The python27-python-pip package has been upgraded to version 7.1.0. * The python27-python-virtualenv package has been upgraded to verion 13.1.0. * The python27-python-pymongo package has been upgraded to version 3.2.1. (BZ#1301481, BZ#1297784, BZ#1111464, BZ#1319774) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 963260 - CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns 1173041 - CVE-2014-9365 python: failure to validate certificates in the HTTP client with TLS (PEP 476) 1224999 - CVE-2013-7440 python: wildcard matching rules do not follow RFC 6125 1266529 - Applications breaks when certain software collections are enabled 1297783 - Update python-pymongo package 1297784 - Add PyYAML package 1318319 - python-2.7.5-34 breaks hashlib (md4) 1329141 - Python installation is not 64 bit clean 1329944 - python27-PyYAML: wrong interpreter 1330041 - python27-python-docutils: wrong interpreter 1334447 - leftovers after the un-install 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v.6): Source: python27-1.1-25.el6.src.rpm python27-PyYAML-3.10-14.el6.src.rpm python27-numpy-1.7.1-10.el6.src.rpm python27-python-2.7.8-16.el6.src.rpm python27-python-docutils-0.11-2.el6.src.rpm python27-python-pip-7.1.0-2.el6.src.rpm python27-python-pymongo-3.2.1-1.el6.src.rpm python27-python-virtualenv-13.1.0-1.el6.src.rpm python27-scipy-0.12.1-3.el6.src.rpm noarch: python27-python-docutils-0.11-2.el6.noarch.rpm python27-python-pip-7.1.0-2.el6.noarch.rpm python27-python-virtualenv-13.1.0-1.el6.noarch.rpm x86_64: python27-1.1-25.el6.x86_64.rpm python27-PyYAML-3.10-14.el6.x86_64.rpm python27-PyYAML-debuginfo-3.10-14.el6.x86_64.rpm python27-numpy-1.7.1-10.el6.x86_64.rpm python27-numpy-debuginfo-1.7.1-10.el6.x86_64.rpm python27-numpy-f2py-1.7.1-10.el6.x86_64.rpm python27-python-2.7.8-16.el6.x86_64.rpm python27-python-bson-3.2.1-1.el6.x86_64.rpm python27-python-debug-2.7.8-16.el6.x86_64.rpm python27-python-debuginfo-2.7.8-16.el6.x86_64.rpm python27-python-devel-2.7.8-16.el6.x86_64.rpm python27-python-libs-2.7.8-16.el6.x86_64.rpm python27-python-pymongo-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-debuginfo-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-doc-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-gridfs-3.2.1-1.el6.x86_64.rpm python27-python-test-2.7.8-16.el6.x86_64.rpm python27-python-tools-2.7.8-16.el6.x86_64.rpm python27-runtime-1.1-25.el6.x86_64.rpm python27-scipy-0.12.1-3.el6.x86_64.rpm python27-scipy-debuginfo-0.12.1-3.el6.x86_64.rpm python27-scldevel-1.1-25.el6.x86_64.rpm python27-tkinter-2.7.8-16.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.6.6): Source: python27-1.1-25.el6.src.rpm python27-PyYAML-3.10-14.el6.src.rpm python27-numpy-1.7.1-10.el6.src.rpm python27-python-2.7.8-16.el6.src.rpm python27-python-docutils-0.11-2.el6.src.rpm python27-python-pip-7.1.0-2.el6.src.rpm python27-python-pymongo-3.2.1-1.el6.src.rpm python27-python-virtualenv-13.1.0-1.el6.src.rpm python27-scipy-0.12.1-3.el6.src.rpm noarch: python27-python-docutils-0.11-2.el6.noarch.rpm python27-python-pip-7.1.0-2.el6.noarch.rpm python27-python-virtualenv-13.1.0-1.el6.noarch.rpm x86_64: python27-1.1-25.el6.x86_64.rpm python27-PyYAML-3.10-14.el6.x86_64.rpm python27-PyYAML-debuginfo-3.10-14.el6.x86_64.rpm python27-numpy-1.7.1-10.el6.x86_64.rpm python27-numpy-debuginfo-1.7.1-10.el6.x86_64.rpm python27-numpy-f2py-1.7.1-10.el6.x86_64.rpm python27-python-2.7.8-16.el6.x86_64.rpm python27-python-bson-3.2.1-1.el6.x86_64.rpm python27-python-debug-2.7.8-16.el6.x86_64.rpm python27-python-debuginfo-2.7.8-16.el6.x86_64.rpm python27-python-devel-2.7.8-16.el6.x86_64.rpm python27-python-libs-2.7.8-16.el6.x86_64.rpm python27-python-pymongo-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-debuginfo-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-doc-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-gridfs-3.2.1-1.el6.x86_64.rpm python27-python-test-2.7.8-16.el6.x86_64.rpm python27-python-tools-2.7.8-16.el6.x86_64.rpm python27-runtime-1.1-25.el6.x86_64.rpm python27-scipy-0.12.1-3.el6.x86_64.rpm python27-scipy-debuginfo-0.12.1-3.el6.x86_64.rpm python27-scldevel-1.1-25.el6.x86_64.rpm python27-tkinter-2.7.8-16.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.6.7): Source: python27-1.1-25.el6.src.rpm python27-PyYAML-3.10-14.el6.src.rpm python27-numpy-1.7.1-10.el6.src.rpm python27-python-2.7.8-16.el6.src.rpm python27-python-docutils-0.11-2.el6.src.rpm python27-python-pip-7.1.0-2.el6.src.rpm python27-python-pymongo-3.2.1-1.el6.src.rpm python27-python-virtualenv-13.1.0-1.el6.src.rpm python27-scipy-0.12.1-3.el6.src.rpm noarch: python27-python-docutils-0.11-2.el6.noarch.rpm python27-python-pip-7.1.0-2.el6.noarch.rpm python27-python-virtualenv-13.1.0-1.el6.noarch.rpm x86_64: python27-1.1-25.el6.x86_64.rpm python27-PyYAML-3.10-14.el6.x86_64.rpm python27-PyYAML-debuginfo-3.10-14.el6.x86_64.rpm python27-numpy-1.7.1-10.el6.x86_64.rpm python27-numpy-debuginfo-1.7.1-10.el6.x86_64.rpm python27-numpy-f2py-1.7.1-10.el6.x86_64.rpm python27-python-2.7.8-16.el6.x86_64.rpm python27-python-bson-3.2.1-1.el6.x86_64.rpm python27-python-debug-2.7.8-16.el6.x86_64.rpm python27-python-debuginfo-2.7.8-16.el6.x86_64.rpm python27-python-devel-2.7.8-16.el6.x86_64.rpm python27-python-libs-2.7.8-16.el6.x86_64.rpm python27-python-pymongo-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-debuginfo-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-doc-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-gridfs-3.2.1-1.el6.x86_64.rpm python27-python-test-2.7.8-16.el6.x86_64.rpm python27-python-tools-2.7.8-16.el6.x86_64.rpm python27-runtime-1.1-25.el6.x86_64.rpm python27-scipy-0.12.1-3.el6.x86_64.rpm python27-scipy-debuginfo-0.12.1-3.el6.x86_64.rpm python27-scldevel-1.1-25.el6.x86_64.rpm python27-tkinter-2.7.8-16.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.6): Source: python27-1.1-25.el6.src.rpm python27-PyYAML-3.10-14.el6.src.rpm python27-numpy-1.7.1-10.el6.src.rpm python27-python-2.7.8-16.el6.src.rpm python27-python-docutils-0.11-2.el6.src.rpm python27-python-pip-7.1.0-2.el6.src.rpm python27-python-pymongo-3.2.1-1.el6.src.rpm python27-python-virtualenv-13.1.0-1.el6.src.rpm python27-scipy-0.12.1-3.el6.src.rpm noarch: python27-python-docutils-0.11-2.el6.noarch.rpm python27-python-pip-7.1.0-2.el6.noarch.rpm python27-python-virtualenv-13.1.0-1.el6.noarch.rpm x86_64: python27-1.1-25.el6.x86_64.rpm python27-PyYAML-3.10-14.el6.x86_64.rpm python27-PyYAML-debuginfo-3.10-14.el6.x86_64.rpm python27-numpy-1.7.1-10.el6.x86_64.rpm python27-numpy-debuginfo-1.7.1-10.el6.x86_64.rpm python27-numpy-f2py-1.7.1-10.el6.x86_64.rpm python27-python-2.7.8-16.el6.x86_64.rpm python27-python-bson-3.2.1-1.el6.x86_64.rpm python27-python-debug-2.7.8-16.el6.x86_64.rpm python27-python-debuginfo-2.7.8-16.el6.x86_64.rpm python27-python-devel-2.7.8-16.el6.x86_64.rpm python27-python-libs-2.7.8-16.el6.x86_64.rpm python27-python-pymongo-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-debuginfo-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-doc-3.2.1-1.el6.x86_64.rpm python27-python-pymongo-gridfs-3.2.1-1.el6.x86_64.rpm python27-python-test-2.7.8-16.el6.x86_64.rpm python27-python-tools-2.7.8-16.el6.x86_64.rpm python27-runtime-1.1-25.el6.x86_64.rpm python27-scipy-0.12.1-3.el6.x86_64.rpm python27-scipy-debuginfo-0.12.1-3.el6.x86_64.rpm python27-scldevel-1.1-25.el6.x86_64.rpm python27-tkinter-2.7.8-16.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v.7): Source: python27-1.1-25.el7.src.rpm python27-PyYAML-3.10-14.el7.src.rpm python27-numpy-1.7.1-10.el7.src.rpm python27-python-2.7.8-14.el7.src.rpm python27-python-pip-7.1.0-2.el7.src.rpm python27-python-pymongo-3.2.1-1.el7.src.rpm python27-python-virtualenv-13.1.0-1.el7.src.rpm python27-scipy-0.12.1-4.el7.src.rpm noarch: python27-python-pip-7.1.0-2.el7.noarch.rpm python27-python-virtualenv-13.1.0-1.el7.noarch.rpm x86_64: python27-1.1-25.el7.x86_64.rpm python27-PyYAML-3.10-14.el7.x86_64.rpm python27-PyYAML-debuginfo-3.10-14.el7.x86_64.rpm python27-numpy-1.7.1-10.el7.x86_64.rpm python27-numpy-debuginfo-1.7.1-10.el7.x86_64.rpm python27-numpy-f2py-1.7.1-10.el7.x86_64.rpm python27-python-2.7.8-14.el7.x86_64.rpm python27-python-bson-3.2.1-1.el7.x86_64.rpm python27-python-debug-2.7.8-14.el7.x86_64.rpm python27-python-debuginfo-2.7.8-14.el7.x86_64.rpm python27-python-devel-2.7.8-14.el7.x86_64.rpm python27-python-libs-2.7.8-14.el7.x86_64.rpm python27-python-pymongo-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-debuginfo-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-doc-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-gridfs-3.2.1-1.el7.x86_64.rpm python27-python-test-2.7.8-14.el7.x86_64.rpm python27-python-tools-2.7.8-14.el7.x86_64.rpm python27-runtime-1.1-25.el7.x86_64.rpm python27-scipy-0.12.1-4.el7.x86_64.rpm python27-scipy-debuginfo-0.12.1-4.el7.x86_64.rpm python27-scldevel-1.1-25.el7.x86_64.rpm python27-tkinter-2.7.8-14.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.7.1): Source: python27-1.1-25.el7.src.rpm python27-PyYAML-3.10-14.el7.src.rpm python27-numpy-1.7.1-10.el7.src.rpm python27-python-2.7.8-14.el7.src.rpm python27-python-pip-7.1.0-2.el7.src.rpm python27-python-pymongo-3.2.1-1.el7.src.rpm python27-python-virtualenv-13.1.0-1.el7.src.rpm python27-scipy-0.12.1-4.el7.src.rpm noarch: python27-python-pip-7.1.0-2.el7.noarch.rpm python27-python-virtualenv-13.1.0-1.el7.noarch.rpm x86_64: python27-1.1-25.el7.x86_64.rpm python27-PyYAML-3.10-14.el7.x86_64.rpm python27-PyYAML-debuginfo-3.10-14.el7.x86_64.rpm python27-numpy-1.7.1-10.el7.x86_64.rpm python27-numpy-debuginfo-1.7.1-10.el7.x86_64.rpm python27-numpy-f2py-1.7.1-10.el7.x86_64.rpm python27-python-2.7.8-14.el7.x86_64.rpm python27-python-bson-3.2.1-1.el7.x86_64.rpm python27-python-debug-2.7.8-14.el7.x86_64.rpm python27-python-debuginfo-2.7.8-14.el7.x86_64.rpm python27-python-devel-2.7.8-14.el7.x86_64.rpm python27-python-libs-2.7.8-14.el7.x86_64.rpm python27-python-pymongo-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-debuginfo-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-doc-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-gridfs-3.2.1-1.el7.x86_64.rpm python27-python-test-2.7.8-14.el7.x86_64.rpm python27-python-tools-2.7.8-14.el7.x86_64.rpm python27-runtime-1.1-25.el7.x86_64.rpm python27-scipy-0.12.1-4.el7.x86_64.rpm python27-scipy-debuginfo-0.12.1-4.el7.x86_64.rpm python27-scldevel-1.1-25.el7.x86_64.rpm python27-tkinter-2.7.8-14.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.7.2): Source: python27-1.1-25.el7.src.rpm python27-PyYAML-3.10-14.el7.src.rpm python27-numpy-1.7.1-10.el7.src.rpm python27-python-2.7.8-14.el7.src.rpm python27-python-pip-7.1.0-2.el7.src.rpm python27-python-pymongo-3.2.1-1.el7.src.rpm python27-python-virtualenv-13.1.0-1.el7.src.rpm python27-scipy-0.12.1-4.el7.src.rpm noarch: python27-python-pip-7.1.0-2.el7.noarch.rpm python27-python-virtualenv-13.1.0-1.el7.noarch.rpm x86_64: python27-1.1-25.el7.x86_64.rpm python27-PyYAML-3.10-14.el7.x86_64.rpm python27-PyYAML-debuginfo-3.10-14.el7.x86_64.rpm python27-numpy-1.7.1-10.el7.x86_64.rpm python27-numpy-debuginfo-1.7.1-10.el7.x86_64.rpm python27-numpy-f2py-1.7.1-10.el7.x86_64.rpm python27-python-2.7.8-14.el7.x86_64.rpm python27-python-bson-3.2.1-1.el7.x86_64.rpm python27-python-debug-2.7.8-14.el7.x86_64.rpm python27-python-debuginfo-2.7.8-14.el7.x86_64.rpm python27-python-devel-2.7.8-14.el7.x86_64.rpm python27-python-libs-2.7.8-14.el7.x86_64.rpm python27-python-pymongo-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-debuginfo-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-doc-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-gridfs-3.2.1-1.el7.x86_64.rpm python27-python-test-2.7.8-14.el7.x86_64.rpm python27-python-tools-2.7.8-14.el7.x86_64.rpm python27-runtime-1.1-25.el7.x86_64.rpm python27-scipy-0.12.1-4.el7.x86_64.rpm python27-scipy-debuginfo-0.12.1-4.el7.x86_64.rpm python27-scldevel-1.1-25.el7.x86_64.rpm python27-tkinter-2.7.8-14.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.7): Source: python27-1.1-25.el7.src.rpm python27-PyYAML-3.10-14.el7.src.rpm python27-numpy-1.7.1-10.el7.src.rpm python27-python-2.7.8-14.el7.src.rpm python27-python-pip-7.1.0-2.el7.src.rpm python27-python-pymongo-3.2.1-1.el7.src.rpm python27-python-virtualenv-13.1.0-1.el7.src.rpm python27-scipy-0.12.1-4.el7.src.rpm noarch: python27-python-pip-7.1.0-2.el7.noarch.rpm python27-python-virtualenv-13.1.0-1.el7.noarch.rpm x86_64: python27-1.1-25.el7.x86_64.rpm python27-PyYAML-3.10-14.el7.x86_64.rpm python27-PyYAML-debuginfo-3.10-14.el7.x86_64.rpm python27-numpy-1.7.1-10.el7.x86_64.rpm python27-numpy-debuginfo-1.7.1-10.el7.x86_64.rpm python27-numpy-f2py-1.7.1-10.el7.x86_64.rpm python27-python-2.7.8-14.el7.x86_64.rpm python27-python-bson-3.2.1-1.el7.x86_64.rpm python27-python-debug-2.7.8-14.el7.x86_64.rpm python27-python-debuginfo-2.7.8-14.el7.x86_64.rpm python27-python-devel-2.7.8-14.el7.x86_64.rpm python27-python-libs-2.7.8-14.el7.x86_64.rpm python27-python-pymongo-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-debuginfo-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-doc-3.2.1-1.el7.x86_64.rpm python27-python-pymongo-gridfs-3.2.1-1.el7.x86_64.rpm python27-python-test-2.7.8-14.el7.x86_64.rpm python27-python-tools-2.7.8-14.el7.x86_64.rpm python27-runtime-1.1-25.el7.x86_64.rpm python27-scipy-0.12.1-4.el7.x86_64.rpm python27-scipy-debuginfo-0.12.1-4.el7.x86_64.rpm python27-scldevel-1.1-25.el7.x86_64.rpm python27-tkinter-2.7.8-14.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-2099 https://access.redhat.com/security/cve/CVE-2013-7440 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/2039753 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGPSIGNATURE----- Version: GnuPG v1 iD8DBQFXTXLkXlSAg2UNWIIRAv24AJ9J57HmPRP4kf9eb0lTpOLR037sawCgszMI JJ7o6x06U7KR/MKESCy6YX8=bWhu -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
May 31, 2016
•Important
Red Hat
89
security advisorysecurity issuefedoraFedora 11 ProFTPD Security Update: Fix TLS Certificate Handling Issues
This update fixes CVE-2009-3639, in which proftpd's mod_tls, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate. This allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-11649 2009-11-18 13:31:57 -------------------------------------------------------------------------------- Name : proftpd Product : Fedora 11 Version : 1.3.2b Release : 1.fc11 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behaviour of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2009-3639, in which proftpd's mod_tls, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate. This allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority. This update to upstream release 1.3.2b also fixes the following issues recorded in the proftpd bug tracker at bugs.proftpd.org: - Regression causing command-line define options not to work (bug 3221) - Use correct cached user values with "SQLNegativeCache on" (bug 3282) -Slower transfers of multiple small files (bug 3284) - Support MaxTransfersPerHost, MaxTransfersPerUser properly (bug 3287) - Handle symlinks to directories with trailing slashes properly (bug 3297) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 21 2009 Paul Howarth 1.3.2b-1 - Update to 1.3.2b - Fixed regression causing command-line define options not to work (bug 3221) - Fixed SSL/TLS cert subjectAltName verification (bug 3275, CVE-2009-3639) - Use correct cached user values with "SQLNegativeCache on" (bug 3282) - Fix slower transfers of multiple small files (bug 3284) - Support MaxTransfersPerHost, MaxTransfersPerUser properly (bug 3287) - Handle symlinks to directories with trailing slashes properly (bug 3297) - Drop upstreamed defines patch (bug 3221) * Thu Sep 17 2009 Paul Howarth 1.3.2a-7 - Restore backward SRPM compatibility broken by previous change * Wed Sep 16 2009 Tomas Mraz 1.3.2a-6 - Use password-auth common PAM configuration instead of system-auth * Mon Sep 7 2009 Paul Howarth 1.3.2a-5 - Add upstream patch for MLSD with dirnames containing glob chars (#521634) * Wed Sep 2 2009 Paul Howarth 1.3.2a-4 - New DSO module: mod_exec (#520214) * Fri Aug 21 2009 Tomas Mraz 1.3.2a-3.1 - Rebuilt with new openssl * Wed Aug 19 2009 Paul Howarth 1.3.2a-3 - Use mod_vroot to work around PAM/chroot issues (#477120, #506735) * Fri Jul 31 2009 Paul Howarth 1.3.2a-2 - Add upstream patch to fix parallel build (http://bugs.proftpd.org/buglist.cgi * Mon Jul 27 2009 Paul Howarth 1.3.2a-1 - Update to 1.3.2a - Add patch to reinstate support for -DPARAMETER (http://bugs.proftpd.org/buglist.cgi - Retain CAP_AUDIT_WRITE, needed for pam_loginuid (#506735, fixed upstream) - Remove ScoreboardFile directive from configuration file - default value works better with SELinux (#498375) - Ship mod_quotatab_sql.so in the main package rather than the SQL backend subpackages - New DSO modules: - mod_ctrls_admin - mod_facl - mod_load -mod_quotatab_radius - mod_radius - mod_ratio - mod_rewrite - mod_site_misc - mod_wrap2 - mod_wrap2_file - mod_wrap2_sql - Enable mod_lang/nls support for RFC 2640 (and buildreq gettext) - Add /etc/sysconfig/proftpd to set PROFTPD_OPTIONS and update initscript to use this value so we can use a define to enable (e.g.) anonymous FTP support rather than having a huge commented-out section in the config file - Rewrite config file to remove most settings that don't change upstream defaults, and add brief descriptions for all available loadable modules - Move Umask and IdentLookups settings from server config to context so that they apply to all servers, including virtual hosts (#509251) - Ensure mod_ifsession is always the last one specified, which makes sure that mod_ifsession's changes are seen properly by other modules - Drop pam version requirement - all targets have sufficiently recent version - Drop redundant explicit dependency on pam - Subpackages don't need to own %{_libexecdir}/proftpd directory - Drop redundant krb5-devel buildreq - Make SRPM back-compatible with EPEL-4 (TLS cert dirs, PAM config) - Don't include README files for non-Linux platforms - Recode ChangeLog as UTF-8 - Don't ship the prxs tool for building custom DSO's since we don't ship the headers either - Prevent stripping of binaries in a slightly more robust way - Fix release tag to be ready for future beta/rc versions - Define RPM macros in global scope - BuildRequire libcap-devel so that we use the system library rather than the bundled one, and eliminate log messages like: kernel: warning: `proftpd' uses 32-bit capabilities (legacy support in use) * Sun Jul 26 2009 Fedora Release Engineering 1.3.2-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #530719 - CVE-2009-3639 ProFTPD: Doesn't properly handle NULL character in subjectAltName https://bugzilla.redhat.com/show_bug.cgi?id=530719 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update proftpd' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Nov 18, 2009
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!