
Test ID: 1.3.6.1.4.1.25623.1.1.4.2019.2223.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2019:2223-1)
Summary: The remote host is missing an update for the 'podman, slirp4netns and libcontainers-common' package(s) announced via the SUSE-SU-2019:2223-1 advisory.
Description:

Vulnerability Insight:
This is a version update for podman to version 1.4.4 (bsc#1143386).

Additional changes by SUSE on top:
Remove fuse-overlayfs because it's (currently) an unsatisfied dependency
on SLE (bsc#1143386)

Update libpod.conf to use correct infra_command

Update libpod.conf to use better versioned pause container

Update libpod.conf to use official kubic pause container

Update libpod.conf to match latest features set: detach_keys, lock_type,
runtime_supports_json

Add podman-remote varlink client

Version update podman to v1.4.4:
Features

- Podman now has greatly improved support for containers using multiple
OCI runtimes. Containers now remember if they were created with a
different runtime using --runtime and will always use that runtime
- The cached and delegated options for volume mounts are now allowed for
Docker compatibility (#3340)
- The podman diff command now supports the --latest flag
Bugfixes

- Fixed a bug where rootless Podman would attempt to use the entire root
configuration if no rootless configuration was present for the user,
breaking rootless Podman for new installations
- Fixed a bug where rootless Podman's pause process would block SIGTERM,
preventing graceful system shutdown and hanging until the system's
init sent SIGKILL
- Fixed a bug where running Podman as root with sudo -E would not work
after running rootless Podman at least once
- Fixed a bug where options for tmpfs volumes added with the --tmpfs
flag were being ignored
- Fixed a bug where images with no layers could not properly be
displayed and removed by Podman
- Fixed a bug where locks were not properly freed on failure to create a
container or pod
- Fixed a bug where podman cp on a single file would create a directory
at the target and place the file in it (#3384)
- Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
hexadecimal address instead of a container's mounts
- Fixed a bug where rootless Podman would not add an entry to
container's /etc/hosts files for their own hostname (#3405)
- Fixed a bug where podman ps --sync would segfault (#3411)
- Fixed a bug where podman generate kube would produce an invalid ports
configuration (#3408)
Misc

- Updated containers/storage to v1.12.13
- Podman now performs much better on systems with heavy I/O load
- The --cgroup-manager flag to podman now shows the correct default
setting in help if the default was overridden by libpod.conf
- For backwards compatibility, setting --log-driver=json-file in podman
run is now supported as an alias for --log-driver=k8s-file. This is
considered deprecated, and json-file will be moved to a new
implementation in the future (#3363)
- Podman's default libpod.conf file now allows the crun OCI runtime to
be used if it is installed

Update podman to v1.4.2:
Fixed a bug where Podman could not run containers usin... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'podman, slirp4netns and libcontainers-common' package(s) on SUSE Linux Enterprise Module for Containers 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
6.2

CVSS Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-6778
BugTraq ID: 106758
http://www.securityfocus.com/bid/106758
Bugtraq: 20190531 [SECURITY] [DSA 4454-1] qemu security update
https://seclists.org/bugtraq/2019/May/76
Debian Security Information: DSA-4454
https://www.debian.org/security/2019/dsa-4454
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
[Qemu-devel][PULL 65/65] 20190114 slirp: check data length while emulating ident
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
[oss-security] 20190124 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu()
http://www.openwall.com/lists/oss-security/2019/01/24/5
RedHat Security Advisories: RHSA-2019:1883
https://access.redhat.com/errata/RHSA-2019:1883
RedHat Security Advisories: RHSA-2019:1968
https://access.redhat.com/errata/RHSA-2019:1968
RedHat Security Advisories: RHSA-2019:2425
https://access.redhat.com/errata/RHSA-2019:2425
RedHat Security Advisories: RHSA-2019:2892
https://access.redhat.com/errata/RHSA-2019:2892
SuSE Security Announcement: SUSE-SA-2019:0254-1
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html
SuSE Security Announcement: openSUSE-SU-2019:1074
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
SuSE Security Announcement: openSUSE-SU-2019:1226
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
SuSE Security Announcement: openSUSE-SU-2019:2044
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html
SuSE Security Announcement: openSUSE-SU-2020:0468
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://usn.ubuntu.com/3923-1/
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
