Description:
Summary: The remote host is missing an update for the 'conmon, ' package(s) announced via the openSUSE-SU-2022:23018-1 advisory.
Vulnerability Insight: This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues:
podman was updated to 3.4.4.
Security issues fixed:
- fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion
- fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port bound to all IPs
- fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as originating from localhost
- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman 3.1.2
Update to version 3.4.4:
* Bugfixes
- Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535).
- Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523).
- Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521).
Update to version 3.4.3:
* Security
- This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
* Features
- The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).
* Bugfixes
- Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
- Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
- Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
- Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189).
- Fixed a b ...
Description truncated. Please see the references for more information.
Affected Software/OS: 'conmon, ' package(s) on openSUSE Leap 15.3.
Solution: Please install the updated package(s).
CVSS Score: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C