podman-5.6.0-6.el9_7
Errata ID: AXSA:2025-11464:11
Release date:
2025/12/05 Friday - 10:22
Title:
podman-5.6.0-6.el9_7
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
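The following issues have been addressed.
[Security Fix]
- The Go database/sql library has an issue that leads to a race condition. A remote attacker can exploit it, through cancellation during execution of the Scan method on rows returned as a query result combined with concurrent execution of other queries, to leak the results retrieved by other queries and to cause a denial of service. (CVE-2025-47907)
- podman has a vulnerability that allows a remote attacker to perform a directory traversal attack. (CVE-2025-9566)
Solution:
Update the packages.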
CVE:
CVE-2025-47907
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
CVE-2025-9566
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1
Additional information:
N/A
Download:
SRPMS
- podman-5.6.0-6.el9_7.src.rpm
MD5: 161a99d685815d395336a3fe35cb5bac
SHA-256: c7f3290bd79bf4a90fdc2c7e92fd5ec060d3fc0b3cb45b5ece382ab63fc07b5b
Size: 21.95 MB
Asianux Server 9 for x86_64
- podman-5.6.0-6.el9_7.x86_64.rpm
MD5: d74871ea99acf60e6541d77ca04b2a99
SHA-256: 97f80b8c2258f5ee40f8f1a9c07ceada3f4db4b73ffa2295cf5f5f3e69add9b2
Size: 16.01 MB
- podman-docker-5.6.0-6.el9_7.noarch.rpm
MD5: e736a3990a3b1ce78757141a81b39307
SHA-256: de8d57a7bf2024335eaec02ad814cc5bfe4b1a194cbb40395cd68a90a569392d
Size: 109.40 kB
- podman-plugins-5.6.0-6.el9_7.x86_64.rpm
MD5: a1a1bec1cada0e18aa88a206550235f0
SHA-256: 4d4526ca91a82eced7b57f48ffab6405fa5c469b78f86bb8f014c4949e9e7091
Size: 1.46 MB
- podman-remote-5.6.0-6.el9_7.x86_64.rpm
MD5: b55d38f5943e9fd84bca36ec12d66ff3
SHA-256: 9233a414b79148f71caf482d13dc3b9beedae8091c2478e175dc0317a7b32cdb
Size: 9.89 MB
- podman-tests-5.6.0-6.el9_7.x86_64.rpm
MD5: c90a5c2f39a17623dae198f96e0f3999
SHA-256: 5d4ff5b419bd42e916115b9b0b907fa1697f9ee72fb67383595bfacca2fbb85f
Size: 11.41 MB