[ALSA-2022:8431] podman security, bug fix, and enhancement update
Severity
Low
Affected Packages
13
CVEs
2
podman security, bug fix, and enhancement update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
- podman: possible information disclosure and modification (CVE-2022-2989)
- buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2120436)
- dnf-update broken for podman/catatonit (BZ#2123319)
- podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2123905)
- podman kill may deadlock AlmaLinux 9.1
- containers config.json gets empty after sudden power loss (BZ#2136278)
- PANIC podman API service endpoint handler panic (BZ#2136287)
Enhancement(s):
- Podman volume plugin timeout should be configurable almalinux-9.1.0 Z
- [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2136281)
- ID
- ALSA-2022:8431
- Severity
- low
- URL
- https://errata.almalinux.org/ALSA-2022:8431.html
- Published
-
2022-11-15T00:00:00
(22 months ago) - Modified
-
2023-09-15T13:41:48
(12 months ago) - Rights
- Copyright 2022 AlmaLinux OS
- Other Advisories
-
- ALPINE:CVE-2022-2989
- ALPINE:CVE-2022-2990
- ALSA-2022:7822
- ALSA-2022:8008
- ALSA-2023:2802
- ELSA-2022-7457
- ELSA-2022-7822
- ELSA-2022-8008
- ELSA-2022-8431
- ELSA-2023-2802
- GLSA-202407-12
- GO-2022-1008
- RHSA-2022:7457
- RHSA-2022:7822
- RHSA-2022:8008
- RHSA-2022:8431
- RHSA-2023:2802
- RLSA-2022:7457
- RLSA-2022:7822
- SUSE-SU-2022:3655-1
- SUSE-SU-2022:3766-1
- SUSE-SU-2022:3819-1
- SUSE-SU-2022:3820-1
- SUSE-SU-2022:4349-1
- SUSE-SU-2022:4350-1
- SUSE-SU-2023:0187-1
- SUSE-SU-2023:0326-1
- SUSE-SU-2023:4099-1
- USN-6295-1
Source | # ID | Name | URL |
---|---|---|---|
RHSA | RHSA-2022:8431 | https://access.redhat.com/errata/RHSA-2022:8431 | |
CVE | CVE-2022-2989 | https://access.redhat.com/security/cve/CVE-2022-2989 | |
CVE | CVE-2022-2990 | https://access.redhat.com/security/cve/CVE-2022-2990 | |
Bugzilla | 2121445 | https://bugzilla.redhat.com/2121445 | |
Bugzilla | 2121453 | https://bugzilla.redhat.com/2121453 | |
Self | ALSA-2022:8431 | https://errata.almalinux.org/9/ALSA-2022-8431.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/almalinux/podman?arch=x86_64&distro=almalinux-9.1 | almalinux | podman | < 4.2.0-7.el9_1 | almalinux-9.1 | x86_64 | |
Affected | pkg:rpm/almalinux/podman?arch=aarch64&distro=almalinux-9.1 | almalinux | podman | < 4.2.0-7.el9_1 | almalinux-9.1 | aarch64 | |
Affected | pkg:rpm/almalinux/podman-tests?arch=x86_64&distro=almalinux-9.1 | almalinux | podman-tests | < 4.2.0-7.el9_1 | almalinux-9.1 | x86_64 | |
Affected | pkg:rpm/almalinux/podman-tests?arch=aarch64&distro=almalinux-9.1 | almalinux | podman-tests | < 4.2.0-7.el9_1 | almalinux-9.1 | aarch64 | |
Affected | pkg:rpm/almalinux/podman-remote?arch=x86_64&distro=almalinux-9.1 | almalinux | podman-remote | < 4.2.0-7.el9_1 | almalinux-9.1 | x86_64 | |
Affected | pkg:rpm/almalinux/podman-remote?arch=aarch64&distro=almalinux-9.1 | almalinux | podman-remote | < 4.2.0-7.el9_1 | almalinux-9.1 | aarch64 | |
Affected | pkg:rpm/almalinux/podman-plugins?arch=x86_64&distro=almalinux-9.1 | almalinux | podman-plugins | < 4.2.0-7.el9_1 | almalinux-9.1 | x86_64 | |
Affected | pkg:rpm/almalinux/podman-plugins?arch=aarch64&distro=almalinux-9.1 | almalinux | podman-plugins | < 4.2.0-7.el9_1 | almalinux-9.1 | aarch64 | |
Affected | pkg:rpm/almalinux/podman-gvproxy?arch=x86_64&distro=almalinux-9.1 | almalinux | podman-gvproxy | < 4.2.0-7.el9_1 | almalinux-9.1 | x86_64 | |
Affected | pkg:rpm/almalinux/podman-gvproxy?arch=aarch64&distro=almalinux-9.1 | almalinux | podman-gvproxy | < 4.2.0-7.el9_1 | almalinux-9.1 | aarch64 | |
Affected | pkg:rpm/almalinux/podman-docker?arch=noarch&distro=almalinux-9.1 | almalinux | podman-docker | < 4.2.0-7.el9_1 | almalinux-9.1 | noarch | |
Affected | pkg:rpm/almalinux/podman-catatonit?arch=x86_64&distro=almalinux-9.1 | almalinux | podman-catatonit | < 4.2.0-7.el9_1 | almalinux-9.1 | x86_64 | |
Affected | pkg:rpm/almalinux/podman-catatonit?arch=aarch64&distro=almalinux-9.1 | almalinux | podman-catatonit | < 4.2.0-7.el9_1 | almalinux-9.1 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |