|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2020:3378-1)|
|Summary:||The remote host is missing an update for the 'podman' package(s) announced via the SUSE-SU-2020:3378-1 advisory.|
The remote host is missing an update for the 'podman' package(s) announced via the SUSE-SU-2020:3378-1 advisory.
This update for podman fixes the following issues:
Security issue fixed:
This release resolves CVE-2020-14370, in which environment variables
could be leaked between containers created using the Varlink API
Non-security issues fixed:
add dependency to timezone package or podman fails to build a container
Install new auto-update system units
Update to v2.1.1 (bsc#1178392):
- The `podman info` command now includes the cgroup manager Podman is
- The REST API now includes a Server header in all responses.
- Fixed a bug where the Libpod and Compat Attach endpoints could
terminate early, before sending all output from the container.
- Fixed a bug where the Compat Create endpoint for containers did not
properly handle the Interactive parameter.
- Fixed a bug where the Compat Kill endpoint for containers could
continue to run after a fatal error.
- Fixed a bug where the Limit parameter of the Compat List endpoint
for Containers did not properly handle a limit of 0 (returning
nothing, instead of all containers) [#7722].
- The Libpod Stats endpoint for containers is being deprecated and
will be replaced by a similar endpoint with additional features in a
Changes in v2.1.0
- A new command, `podman image mount`, has been added. This allows for
an image to be mounted, read-only, to inspect its contents without
creating a container from it [#1433].
- The `podman save` and `podman load` commands can now create and load
archives containing multiple images [#2669].
- Rootless Podman now supports all `podman network` commands, and
rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY` instructions
has been greatly improved, especially when a `.dockerignore` is
- The `podman run` and `podman create` commands now support a new mode
for the `--cgroups` option, `--cgroups=split`. Podman will create
two cgroups under the cgroup it was launched in, one for the
container and one for Conmon. This mode is useful for running Podman
in a systemd unit, as it ensures that all processes are retained in
systemd's cgroup hierarchy [#6400].
- The `podman run` and `podman create` commands can now specify
options to slirp4netns by using the `--network` option as follows:
`--net slirp4netns:opt1,opt2`. This allows for, among other things,
switching the port forwarder used by slirp4netns away from rootlessport.
- The `podman ps` command now features a new option, `--storage`, to
show containers from Buildah, CRI-O and other applications.
- The `podman run` and `podman create` commands now feature a
`--sdnotify` option to control the behavior of systemd's sdnotify
with containers, enabling improved support for Podman in
- The `podman run` command now features a `--preserve-fds`
opton to pass file desc... [Please see the references for more information on the vulnerabilities]
'podman' package(s) on SUSE Linux Enterprise Module for Containers 15-SP2, SUSE Linux Enterprise Module for Containers 15-SP1, SUSE Enterprise Storage 7
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2020-14370|
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.