podman-4.2.0-7.el9

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

* podman: possible information disclosure and modification (CVE-2022-2989)
* buildah: possible information disclosure and modification (CVE-2022-2990)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* (podman image trust) does not support the new trust type "sigstoreSigned "
* dnf-update broken for podman/catatonit
* podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/
* podman kill may deadlock
* containers config.json gets empty after sudden power loss
* PANIC podman API service endpoint handler panic

Enhancement(s):

* Podman volume plugin timeout should be configurable
* [RFE]Podman support to perform custom actions on unhealthy containers

CVE-2022-2989
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CVE-2022-2990
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.