podman-5.6.0-6.el9_7
Errata ID: AXSA:2025-11464:11
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.
Security Fix(es):
* database/sql: Postgres Scan Race Condition (CVE-2025-47907)
* podman: Podman kube play command may overwrite host files (CVE-2025-9566)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-47907
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
CVE-2025-9566
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.
Binary-Affected: podman
Upstream-version-introduced: v4.0.0
Upstream-version-fixed: v5.6.1
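The condition CVE-2025-9566 depends on, a symbolic link inside a volume that resolves to a path outside it, can be audited for directly. The following Go helper is an added example, not podman's code or its upstream fix; the function name `EscapingSymlinks` and the temporary directory layout are constructed for illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// EscapingSymlinks lists symlinks under volumeDir whose target resolves
// outside volumeDir, or cannot be resolved at all (treated as unsafe).
func EscapingSymlinks(volumeDir string) ([]string, error) {
	root, err := filepath.EvalSymlinks(volumeDir)
	if err != nil {
		return nil, err
	}
	var found []string
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, werr error) error {
		if werr != nil || d.Type()&fs.ModeSymlink == 0 {
			return werr // WalkDir does not follow links, so each link is seen as itself
		}
		target, err := filepath.EvalSymlinks(p)
		rel, relErr := filepath.Rel(root, target)
		if err != nil || relErr != nil || rel == ".." ||
			strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			found = append(found, p)
		}
		return nil
	})
	return found, err
}

func main() {
	// Constructed layout: a volume directory next to a stand-in "host" file.
	tmp, err := os.MkdirTemp("", "kubevol")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(tmp)
	vol := filepath.Join(tmp, "volume")
	os.Mkdir(vol, 0o700)
	os.WriteFile(filepath.Join(tmp, "host.conf"), []byte("original\n"), 0o600)
	os.WriteFile(filepath.Join(vol, "real.conf"), []byte("data\n"), 0o600)
	os.Symlink("../host.conf", filepath.Join(vol, "outside.conf")) // leaves the volume
	os.Symlink("real.conf", filepath.Join(vol, "inside.conf"))     // stays inside
	links, err := EscapingSymlinks(vol)
	fmt.Println("links leaving the volume:", links, "error:", err)
}
```

The check is point-in-time: it audits what is on disk when it runs and does not replace installing the updated packages.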
Update packages.
N/A
SRPMS
- podman-5.6.0-6.el9_7.src.rpm
MD5: 161a99d685815d395336a3fe35cb5bac
SHA-256: c7f3290bd79bf4a90fdc2c7e92fd5ec060d3fc0b3cb45b5ece382ab63fc07b5b
Size: 21.95 MB
Asianux Server 9 for x86_64
- podman-5.6.0-6.el9_7.x86_64.rpm
MD5: d74871ea99acf60e6541d77ca04b2a99
SHA-256: 97f80b8c2258f5ee40f8f1a9c07ceada3f4db4b73ffa2295cf5f5f3e69add9b2
Size: 16.01 MB
- podman-docker-5.6.0-6.el9_7.noarch.rpm
MD5: e736a3990a3b1ce78757141a81b39307
SHA-256: de8d57a7bf2024335eaec02ad814cc5bfe4b1a194cbb40395cd68a90a569392d
Size: 109.40 kB
- podman-plugins-5.6.0-6.el9_7.x86_64.rpm
MD5: a1a1bec1cada0e18aa88a206550235f0
SHA-256: 4d4526ca91a82eced7b57f48ffab6405fa5c469b78f86bb8f014c4949e9e7091
Size: 1.46 MB
- podman-remote-5.6.0-6.el9_7.x86_64.rpm
MD5: b55d38f5943e9fd84bca36ec12d66ff3
SHA-256: 9233a414b79148f71caf482d13dc3b9beedae8091c2478e175dc0317a7b32cdb
Size: 9.89 MB
- podman-tests-5.6.0-6.el9_7.x86_64.rpm
MD5: c90a5c2f39a17623dae198f96e0f3999
SHA-256: 5d4ff5b419bd42e916115b9b0b907fa1697f9ee72fb67383595bfacca2fbb85f
Size: 11.41 MB