ELSA-2024-2193

ELSA-2024-2193 - podman security update

Type:SECURITY
Severity:MODERATE
Release Date:2024-05-03

Description


[2:4.9.4-0.1.0.1]
- Add devices on container startup, not on creation
- Backport fast gzip for compression [Orabug: 36420418]
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]

[2:4.9.4-0.1]
- update to the latest content of https://github.com/containers/podman/tree/v4.9
(https://github.com/containers/podman/commit/4b69d93)
- Related: RHEL-2112

[2:4.9.3-0.1]
- update to the latest content of https://github.com/containers/podman/tree/v4.9
(https://github.com/containers/podman/commit/b8a887c)
- Related: RHEL-2112

[2:4.9.2-1]
- update to the latest content of https://github.com/containers/podman/tree/v4.9
(https://github.com/containers/podman/commit/4c14019)
- Related: RHEL-2112

[2:4.9.1-1]
- switch to v4.9.1-rhel branch
- update dnsname to the latest commit
- Related: Jira:RHEL-2112

[2:4.9.0-1]
- update to https://github.com/containers/podman/releases/tag/v4.9.0
- Related: RHEL-2112

[2:4.8.3-1]
- update to https://github.com/containers/podman/releases/tag/v4.8.3
- Related: RHEL-2112

[2:4.8.2-1]
- update to https://github.com/containers/podman/releases/tag/v4.8.2
- Related: RHEL-2112

[2:4.8.1-1]
- update to latest content of https://github.com/containers/podman/releases/tag/4.8.1
- Related: Jira:RHEL-2112

[2:4.7.2-3]
- Rebuild for following CVEs:
CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322
- Related: Jira:RHEL-2785

[2:4.7.2-2]
- update to latest content of https://github.com/containers/podman/releases/tag/4.7.2
(https://github.com/containers/podman/commit/750b4c3a7c31f6573350f0b3f1b787f26e0fe1e3)
- Related: Jira:RHEL-2112

[2:4.7.2-1]
- update to https://github.com/containers/podman/releases/tag/v4.7.2
- remove gvisor from podman and depend on external one
- Related: Jira:RHEL-2112

[2:4.6.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel
(https://github.com/containers/podman/commit/68e7ae0)
- Related: Jira:RHEL-2112

[2:4.6.1-5]
- update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel
(https://github.com/containers/podman/commit/ea33dce)
- Related: #2176063

[2:4.6.1-4]
- amend podmansh provides
- Related: #2176063

[2:4.6.1-3]
- update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel
(https://github.com/containers/podman/commit/8bb0204)
- Related: #2176063

[2:4.6.1-2]
- update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel
(https://github.com/containers/podman/commit/1b2fadd)
- Resolves: #2232127

[2:4.6.1-1]
- update to latest content of https://github.com/containers/podman/releases/tag/4.6.1
- Related: #2176063

[2:4.6.0-3]
- build podman 4.6.0 off main branch for early testing of zstd compression
- Related: #2176063

[2:4.6.0-2]
- update license token to be SPDX compatible
- Related: #2176063

[2:4.6.0-1]
- update to latest content of https://github.com/containers/podman/releases/tag/4.6.0
(https://github.com/containers/podman/commit/38e6fab9664c6e59b66e73523b307a56130316ae)

[2:4.6.0-0.3]
- rebuild with the new bats
- Related: #2176063

[2:4.6.0-0.2]
- update to 4.6.0-rc2
- Related: #2176063

[2:4.6.0-0.1]
- update to 4.6.0-rc1
- Related: #2176063

[2:4.5.1-5]
- rebuild for following CVEs:
CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400
- Resolves: #2175071
- Resolves: #2179950
- Resolves: #2187318
- Resolves: #2187366
- Resolves: #2203681
- Resolves: #2207512

[2:4.5.1-4]
- update to https://github.com/containers/gvisor-tap-vsock/releases/tag/v0.6.1
- Related: #2176063

[2:4.5.1-3]
- rebuild for following CVEs:
CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400
- Resolves: #2175074
- Resolves: #2179966
- Resolves: #2187322
- Resolves: #2187383
- Resolves: #2203702
- Resolves: #2207522

[2:4.5.1-2]
- rebuild
- Resolves: #2177611

[2:4.5.1-1]
- update to https://github.com/containers/podman/releases/tag/v4.5.1
- Related: #2176063

[2:4.5.0-1]
- update to 4.5.0
- Related: #2176063

[2:4.4.1-10]
- build and add missing docker man pages
- Resolves: #2187187

[2:4.4.1-9]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/fd0ea3b)
- Resolves: #2173089

[2:4.4.1-8]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/05037d3)
- Resolves: #2178263

[2:4.4.1-7]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/67f7e1e)
- Related: #2176063

[2:4.4.1-6]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/4461c9c)
- Related: #2176063

[2:4.4.1-5]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/bf400bd)
- Related: #2176063

[2:4.4.1-4]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/ffc2614)
- Resolves: #2179450

[2:4.4.1-3]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/e1703bb)
- Related: #2124478

[2:4.4.1-2]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/0b38633)
- Related: #2124478

[2:4.4.1-1]
- update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel
(https://github.com/containers/podman/commit/d4e285a)
- Related: #2124478

[2:4.4.1-0.1]
- update to the latest content of https://github.com/containers/podman/tree/v4.4
(https://github.com/containers/podman/commit/f5670f0)
- Related: #2124478

[2:4.4.0-1]
- update to podman-4.4 release
- Related: #2124478

[2:4.4.0-0.10]
- update to the latest content of https://github.com/containers/podman/tree/main
(https://github.com/containers/podman/commit/68bbdc2)
- Related: #2124478

[2:4.4.0-0.9]
- update to the latest content of https://github.com/containers/podman/tree/main
(https://github.com/containers/podman/commit/323b515)
- Related: #2124478

[2:4.4.0-0.8]
- update to the latest content of https://github.com/containers/podman/tree/main
(https://github.com/containers/podman/commit/c35e74f)
- Related: #2124478

[2:4.4.0-0.7]
- update to the latest content of https://github.com/containers/podman/tree/main
(https://github.com/containers/podman/commit/ce504bb)
- Related: #2124478

[2:4.4.0-0.6]
- add quadlet to tests
- Related: #2124478

[2:4.4.0-0.5]
- obsolete podman-catatonit in order to not to file conflict with catatonit
- Related: #2124478

[2:4.4.0-0.4]
- build v4.4.0-rc2
- Related: #2124478

[2:4.4.0-0.3]
- remove podman-machine-cni, it is now part of podman 4.0 or newer
- Related: #2124478

[2:4.4.0-0.2]
- update to the latest content of https://github.com/containers/podman/tree/main
(https://github.com/containers/podman/commit/07ba51d)
- update gvisor-tap-vsock to 0.5.0
- Related: #2124478

[2:4.4.0-0.1]
- podman-4.4.0-rc1
- update to the latest content of https://github.com/containers/podman/tree/main
(https://github.com/containers/podman/commit/f1af5b3)
- Related: #2124478

[2:4.3.1-4]
- podman shouldn't provide and file conflict with catatonit in CRB
- Resolves: #2151322

[2:4.3.1-3]
- fix 'podman manifest add' is not concurrent safe
- Resolves: #2105173

[2:4.3.1-2]
- properly obsolete catatonit
- Resolves: #2123319

[2:4.3.1-1]
- update to https://github.com/containers/podman/releases/tag/v4.3.1
- Related: #2124478

[2:4.3.0-2]
- rebuild to fix CVE-2022-30629
- Related: #2102994

[2:4.3.0-1]
- update to https://github.com/containers/podman/releases/tag/v4.3.0
- Related: #2124478

[2:4.2.0-3]
- fix dependency in test subpackage
- Related: #2061316

[2:4.2.0-2]
- readd catatonit
- Related: #2061316

[2:4.2.0-1]
- update to latest content of https://github.com/containers/podman/releases/tag/4.2.0
(https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4)
- Related: #2061316

[2:4.2.0-0.3rc3]
- require catatonit for gating tests
- Related: #2061316

[2:4.2.0-0.2rc3]
- update to 4.2.0-rc3
- Related: #2061316

[2:4.2.0-0.1rc2]
- update to 4.2.0-rc2
- Related: #2061316

[2:4.1.1-6]
- convert catatonit dependency to soft dep as catatonit is
no longer in Appstream but in CRB
- Related: #2061316

[2:4.1.1-5]
- rebuild for combined gating with catatonit
- Related: #2097694

[2:4.1.1-4]
- catatonit is now a standalone package
- Related: #2097694

[2:4.1.1-3]
- update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel
(https://github.com/containers/podman/commit/fa692a6)
- Related: #2097694

[2:4.1.1-2]
- be sure podman services/sockets are stopped upon package removal
- Related: #2061316

[2:4.1.1-1]
- update to https://github.com/containers/podman/releases/tag/v4.1.1
- Related: #2061316

[2:4.1.0-4]
- don't require runc and Recommends: crun
- Related: #2061316

[2:4.1.0-3]
- Re-enable LTO and debuginfo
- Related: #2061316

[2:4.1.0-2]
- update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18
- Related: #2061316

[2:4.1.0-1]
- update to https://github.com/containers/podman/releases/tag/v4.1.0
- Related: #2061316

[2:4.0.3-2]
- require netavark and move CNI to soft dependencies
- Related: #2061316


Related CVEs


CVE-2023-45287
CVE-2023-39326

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) podman-4.9.4-0.1.0.1.el9.src.rpme9c27b7aaa810d12fcbee7032d04a833-ol9_aarch64_appstream
podman-4.9.4-0.1.0.1.el9.aarch64.rpmcf82ee27455169d280f872ccd06214f4-ol9_aarch64_appstream
podman-docker-4.9.4-0.1.0.1.el9.noarch.rpm593b1be8a9c44df5ff818aacb854832f-ol9_aarch64_appstream
podman-plugins-4.9.4-0.1.0.1.el9.aarch64.rpmcb5d461703a7618bbe3e8159bd9bbef9-ol9_aarch64_appstream
podman-remote-4.9.4-0.1.0.1.el9.aarch64.rpm213c876cb5bd3eb410839eedda5e9d21-ol9_aarch64_appstream
podman-tests-4.9.4-0.1.0.1.el9.aarch64.rpmd7823cfe5979e008acce69bdbd3f2b9a-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) podman-4.9.4-0.1.0.1.el9.src.rpme9c27b7aaa810d12fcbee7032d04a833-ol9_x86_64_appstream
podman-4.9.4-0.1.0.1.el9.x86_64.rpm03521b8b1760be79d0cb3c953f4ffb14-ol9_x86_64_appstream
podman-docker-4.9.4-0.1.0.1.el9.noarch.rpm593b1be8a9c44df5ff818aacb854832f-ol9_x86_64_appstream
podman-plugins-4.9.4-0.1.0.1.el9.x86_64.rpm8072067a528dc3d82bc6b0627cc8a903-ol9_x86_64_appstream
podman-remote-4.9.4-0.1.0.1.el9.x86_64.rpm3f027577b33c3a6b10ac6111d9803efb-ol9_x86_64_appstream
podman-tests-4.9.4-0.1.0.1.el9.x86_64.rpmc6bb28e055f1265dd0aca3501549e546-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete