podman-1.6.4-18.el7
Errata ID: AXSA:2020-067:02
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.
Security Fix(es):
* buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-10696
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
CVE-2020-8945
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
Update packages.
N/A
SRPMS
- podman-1.6.4-18.el7.src.rpm
MD5: efbb18bc85ebde0e8453f5f9f1ceffc3
SHA-256: 86607701dad74ec309955a652d2665e228ca5c1df25400e12211839e7abb0730
Size: 8.92 MB
Asianux Server 7 for x86_64
- podman-1.6.4-18.el7.x86_64.rpm
MD5: 77a5c63127947b623a3c2553888beb11
SHA-256: 1c12d1a68feb40830faa416eabd8c64f5d1052654492877a73c7ee1c5799bdba
Size: 12.85 MB
- podman-docker-1.6.4-18.el7.noarch.rpm
MD5: c17d4101472edc5a41bdf65004bd7f93
SHA-256: 89031cbcbffb4817dcfadcf0f4df0a5fdd60057d4ec317541e987abf17b5a2cf
Size: 28.87 kB