[RLSA-2024:3826] podman security and bug fix update

Severity Moderate

Affected Packages 9

CVEs 3

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fixes:

podman: jose-go: improper handling of highly compressed data (CVE-2024-28180)
podman: golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
podman: jose: resource exhaustion (CVE-2024-28176)

Package	Affected Version
pkg:rpm/rockylinux/podman?arch=x86_64&distro=rockylinux-9.4	< 4.9.4-4.el9_4
pkg:rpm/rockylinux/podman?arch=aarch64&distro=rockylinux-9.4	< 4.9.4-4.el9_4
pkg:rpm/rockylinux/podman-tests?arch=x86_64&distro=rockylinux-9.4	< 4.9.4-4.el9_4
pkg:rpm/rockylinux/podman-tests?arch=aarch64&distro=rockylinux-9.4	< 4.9.4-4.el9_4
pkg:rpm/rockylinux/podman-remote?arch=x86_64&distro=rockylinux-9.4	< 4.9.4-4.el9_4
pkg:rpm/rockylinux/podman-remote?arch=aarch64&distro=rockylinux-9.4	< 4.9.4-4.el9_4
pkg:rpm/rockylinux/podman-plugins?arch=x86_64&distro=rockylinux-9.4	< 4.9.4-4.el9_4
pkg:rpm/rockylinux/podman-plugins?arch=aarch64&distro=rockylinux-9.4	< 4.9.4-4.el9_4
pkg:rpm/rockylinux/podman-docker?arch=noarch&distro=rockylinux-9.4	< 4.9.4-4.el9_4

ID

RLSA-2024:3826

Severity

moderate

URL

https://errata.rockylinux.org/RLSA-2024:3826

Published

2024-06-14T14:00:40
(3 months ago)

Modified

2024-06-14T14:02:44
(3 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2023-45290	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290
CVE	CVE-2024-28176	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28176
CVE	CVE-2024-28180	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28180
Bugzilla	2268017	https://bugzilla.redhat.com/show_bug.cgi?id=2268017
Bugzilla	2268820	https://bugzilla.redhat.com/show_bug.cgi?id=2268820
Bugzilla	2268854	https://bugzilla.redhat.com/show_bug.cgi?id=2268854
Self	RLSA-2024:3826	https://errata.rockylinux.org/RLSA-2024:3826

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/podman?arch=x86_64&distro=rockylinux-9.4	rockylinux	podman	< 4.9.4-4.el9_4	rockylinux-9.4	x86_64
Affected	pkg:rpm/rockylinux/podman?arch=aarch64&distro=rockylinux-9.4	rockylinux	podman	< 4.9.4-4.el9_4	rockylinux-9.4	aarch64
Affected	pkg:rpm/rockylinux/podman-tests?arch=x86_64&distro=rockylinux-9.4	rockylinux	podman-tests	< 4.9.4-4.el9_4	rockylinux-9.4	x86_64
Affected	pkg:rpm/rockylinux/podman-tests?arch=aarch64&distro=rockylinux-9.4	rockylinux	podman-tests	< 4.9.4-4.el9_4	rockylinux-9.4	aarch64
Affected	pkg:rpm/rockylinux/podman-remote?arch=x86_64&distro=rockylinux-9.4	rockylinux	podman-remote	< 4.9.4-4.el9_4	rockylinux-9.4	x86_64
Affected	pkg:rpm/rockylinux/podman-remote?arch=aarch64&distro=rockylinux-9.4	rockylinux	podman-remote	< 4.9.4-4.el9_4	rockylinux-9.4	aarch64
Affected	pkg:rpm/rockylinux/podman-plugins?arch=x86_64&distro=rockylinux-9.4	rockylinux	podman-plugins	< 4.9.4-4.el9_4	rockylinux-9.4	x86_64
Affected	pkg:rpm/rockylinux/podman-plugins?arch=aarch64&distro=rockylinux-9.4	rockylinux	podman-plugins	< 4.9.4-4.el9_4	rockylinux-9.4	aarch64
Affected	pkg:rpm/rockylinux/podman-docker?arch=noarch&distro=rockylinux-9.4	rockylinux	podman-docker	< 4.9.4-4.el9_4	rockylinux-9.4	noarch

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date