podman-1.6.4-26.el7

Errata ID: AXSA:2020-887:04

Release date: 
Tuesday, November 10, 2020 - 17:01
Subject: 
podman-1.6.4-26.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.

Security Fix(es):

* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

* podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API (CVE-2020-14370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* podman does not use $TMPDIR loading a tar file (BZ#1877699)

CVE-2020-14040
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
CVE-2020-14370
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
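
The CVE-2020-14040 description above puts the fix boundary at x/text 0.3.3. As an added example (not part of the advisory or of podman's code), the Go program below checks the text of a `go.mod` file for `golang.org/x/text` versions below that boundary, which goes beyond the packaged podman build to any Go code you maintain. The function names and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// belowFixed reports whether a module version such as "v0.3.2" sorts before
// v0.3.3, the first x/text release the advisory lists as fixed.
func belowFixed(v string) bool {
	fixed := [3]int{0, 3, 3}
	core, pre, _ := strings.Cut(strings.TrimPrefix(v, "v"), "-") // split off pre-release / pseudo-version suffix
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return true // unparseable: fail closed so a human reviews it
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return true
		}
		if n != fixed[i] {
			return n < fixed[i]
		}
	}
	return pre != "" // v0.3.3-<suffix> sorts before v0.3.3
}

// scanGoMod returns each x/text version below the fix found in go.mod text.
// Both sides of a replace directive are checked (may over-report).
func scanGoMod(gomod string) []string {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // strip comments such as "// indirect"
		f := strings.Fields(line)
		for i := 0; i+1 < len(f); i++ {
			if f[i] == "golang.org/x/text" && strings.HasPrefix(f[i+1], "v") && belowFixed(f[i+1]) {
				hits = append(hits, f[i+1])
			}
		}
	}
	return hits
}

func main() {
	sample := "require golang.org/x/text v0.3.2 // indirect\n" // constructed input, not podman's go.mod
	fmt.Println("x/text versions needing an update:", scanGoMod(sample))
}
```

A `go.mod` entry is only the declared requirement; `go list -m all` shows the version the build actually resolves.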

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. podman-1.6.4-26.el7.src.rpm
    MD5: 1bfc4b1fc18180c067a5260d89930aa8
    SHA-256: ea240b6cc7a68a9fe998e8e67a5f152af25c6a988bcdc99b139813786fa89367
    Size: 9.06 MB

Asianux Server 7 for x86_64
  1. podman-1.6.4-26.el7.x86_64.rpm
    MD5: cfdec28b05615ed14d8ca6d30509906e
    SHA-256: a1fce41e04dd0a713da3bdbb230d8585cae7ede7794e95e3ce2b827c6840b22f
    Size: 12.85 MB
  2. podman-docker-1.6.4-26.el7.noarch.rpm
    MD5: 313ffdd0063f212532c6666ffe777251
    SHA-256: 18b13827dc848e3374ddb9ccca0ee42e48f5fe626f72715426c9c0488455d6ad
    Size: 30.17 kB