[RHSA-2023:6474] podman security, bug fix, and enhancement update

Severity Moderate
Affected Packages 21
CVEs 13

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.

Security Fix(es):

  • golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

  • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

  • golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)

  • golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

  • golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

  • golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

  • golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)

  • golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

  • golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

  • golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

  • containerd: Supplementary groups are not set up properly (CVE-2023-25173)

  • golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

  • golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.

ID: RHSA-2023:6474
Severity: moderate
URL: https://access.redhat.com/errata/RHSA-2023:6474
Published: 2023-11-07T00:00:00
Modified: 2023-11-07T00:00:00
Rights: Copyright 2023 Red Hat, Inc.
Other Advisories
Source ID URL
Bugzilla 2174485 https://bugzilla.redhat.com/2174485
Bugzilla 2178358 https://bugzilla.redhat.com/2178358
Bugzilla 2178488 https://bugzilla.redhat.com/2178488
Bugzilla 2178492 https://bugzilla.redhat.com/2178492
Bugzilla 2184481 https://bugzilla.redhat.com/2184481
Bugzilla 2184482 https://bugzilla.redhat.com/2184482
Bugzilla 2184483 https://bugzilla.redhat.com/2184483
Bugzilla 2184484 https://bugzilla.redhat.com/2184484
Bugzilla 2196026 https://bugzilla.redhat.com/2196026
Bugzilla 2196027 https://bugzilla.redhat.com/2196027
Bugzilla 2196029 https://bugzilla.redhat.com/2196029
Bugzilla 2222167 https://bugzilla.redhat.com/2222167
Bugzilla 2228689 https://bugzilla.redhat.com/2228689
RHSA RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474
CVE CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-41723
CVE CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41724
CVE CVE-2022-41725 https://access.redhat.com/security/cve/CVE-2022-41725
CVE CVE-2023-24534 https://access.redhat.com/security/cve/CVE-2023-24534
CVE CVE-2023-24536 https://access.redhat.com/security/cve/CVE-2023-24536
CVE CVE-2023-24537 https://access.redhat.com/security/cve/CVE-2023-24537
CVE CVE-2023-24538 https://access.redhat.com/security/cve/CVE-2023-24538
CVE CVE-2023-24539 https://access.redhat.com/security/cve/CVE-2023-24539
CVE CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-24540
CVE CVE-2023-25173 https://access.redhat.com/security/cve/CVE-2023-25173
CVE CVE-2023-29400 https://access.redhat.com/security/cve/CVE-2023-29400
CVE CVE-2023-29406 https://access.redhat.com/security/cve/CVE-2023-29406
CVE CVE-2023-3978 https://access.redhat.com/security/cve/CVE-2023-3978
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/podman?arch=x86_64&distro=redhat-9 redhat podman < 4.6.1-5.el9 redhat-9 x86_64
Affected pkg:rpm/redhat/podman?arch=s390x&distro=redhat-9 redhat podman < 4.6.1-5.el9 redhat-9 s390x
Affected pkg:rpm/redhat/podman?arch=ppc64le&distro=redhat-9 redhat podman < 4.6.1-5.el9 redhat-9 ppc64le
Affected pkg:rpm/redhat/podman?arch=aarch64&distro=redhat-9 redhat podman < 4.6.1-5.el9 redhat-9 aarch64
Affected pkg:rpm/redhat/podman-tests?arch=x86_64&distro=redhat-9 redhat podman-tests < 4.6.1-5.el9 redhat-9 x86_64
Affected pkg:rpm/redhat/podman-tests?arch=s390x&distro=redhat-9 redhat podman-tests < 4.6.1-5.el9 redhat-9 s390x
Affected pkg:rpm/redhat/podman-tests?arch=ppc64le&distro=redhat-9 redhat podman-tests < 4.6.1-5.el9 redhat-9 ppc64le
Affected pkg:rpm/redhat/podman-tests?arch=aarch64&distro=redhat-9 redhat podman-tests < 4.6.1-5.el9 redhat-9 aarch64
Affected pkg:rpm/redhat/podman-remote?arch=x86_64&distro=redhat-9 redhat podman-remote < 4.6.1-5.el9 redhat-9 x86_64
Affected pkg:rpm/redhat/podman-remote?arch=s390x&distro=redhat-9 redhat podman-remote < 4.6.1-5.el9 redhat-9 s390x
Affected pkg:rpm/redhat/podman-remote?arch=ppc64le&distro=redhat-9 redhat podman-remote < 4.6.1-5.el9 redhat-9 ppc64le
Affected pkg:rpm/redhat/podman-remote?arch=aarch64&distro=redhat-9 redhat podman-remote < 4.6.1-5.el9 redhat-9 aarch64
Affected pkg:rpm/redhat/podman-plugins?arch=x86_64&distro=redhat-9 redhat podman-plugins < 4.6.1-5.el9 redhat-9 x86_64
Affected pkg:rpm/redhat/podman-plugins?arch=s390x&distro=redhat-9 redhat podman-plugins < 4.6.1-5.el9 redhat-9 s390x
Affected pkg:rpm/redhat/podman-plugins?arch=ppc64le&distro=redhat-9 redhat podman-plugins < 4.6.1-5.el9 redhat-9 ppc64le
Affected pkg:rpm/redhat/podman-plugins?arch=aarch64&distro=redhat-9 redhat podman-plugins < 4.6.1-5.el9 redhat-9 aarch64
Affected pkg:rpm/redhat/podman-gvproxy?arch=x86_64&distro=redhat-9 redhat podman-gvproxy < 4.6.1-5.el9 redhat-9 x86_64
Affected pkg:rpm/redhat/podman-gvproxy?arch=s390x&distro=redhat-9 redhat podman-gvproxy < 4.6.1-5.el9 redhat-9 s390x
Affected pkg:rpm/redhat/podman-gvproxy?arch=ppc64le&distro=redhat-9 redhat podman-gvproxy < 4.6.1-5.el9 redhat-9 ppc64le
Affected pkg:rpm/redhat/podman-gvproxy?arch=aarch64&distro=redhat-9 redhat podman-gvproxy < 4.6.1-5.el9 redhat-9 aarch64
Affected pkg:rpm/redhat/podman-docker?distro=redhat-9 redhat podman-docker < 4.6.1-5.el9 redhat-9