podman-1.6.4-16.el7
Errata ID: AXSA:2020-058:01
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept from Kubernetes.
Security Fix(es):
* podman: resolving symlink in host filesystem leads to unexpected results of copy operation (CVE-2019-18466)
* containers/image: Container images read entire image manifest into memory (CVE-2020-1702)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Conmon binary stripped but debuginfo not generated.
* Cannot run systemd-container with SCL service.
* Podman does not enforce registries.block in the registries.conf file.
* podman and podman-manpages need merging.
* podman should be linked against gpgme-pthread.
* podman cannot load a tarball whose name contains a colon, but docker can.
* podman (1.6.4) no route to host from inside container.
* Podman can't reuse a container name, even if the container that was using it is no longer around.
* podman exec does not read from stdin.
* [FJ8.2 Bug]: [REG]The "--group-add" option of "podman create" doesn't function.
Enhancement(s):
* [RFE] sctp support for podman
CVE-2019-18466
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
CVE-2020-1702
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Update packages.
N/A
SRPMS
- podman-1.6.4-16.el7.src.rpm
MD5: e8d986d67123fdf5128482d7c6199ece
SHA-256: 997c6c36a1a1cbc7c6cb86a6b948af22844d42a92cb1c37a48990522e5ed11bb
Size: 7.82 MB
Asianux Server 7 for x86_64
- podman-1.6.4-16.el7.x86_64.rpm
MD5: ac8ef57336615f7bd7be3213b955ce8f
SHA-256: b21b0b9a14965124798d60caed5ce8aa17f2b51c3b6a1e6bcb0890871f3b1f32
Size: 12.51 MB
- podman-docker-1.6.4-16.el7.noarch.rpm
MD5: e25ca343ca5a6159e7d27ae28a1a4792
SHA-256: 2d81533d0b3c8b89c0a7617b8865f553d9cefd3d0e4259940e7722eb5191715a
Size: 28.52 kB