drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in podman
Name: |
Ausführen beliebiger Kommandos in podman |
|
ID: |
FEDORA-2024-a267e93f8c |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 40 |
|
Datum: |
Mi, 27. März 2024, 07:51 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753 |
|
Applikationen: |
podman |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2024-a267e93f8c 2024-03-27 00:14:45.218270 ------------------------------------------------------------------------------- -
Name : podman Product : Fedora 40 Version : 5.0.0 Release : 1.fc40 URL : https://podman.io/ Summary : Manage Pods, Containers and Container Images Description : podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands can be run as a regular user, without requiring additional privileges.
podman uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other.
Manage Pods, Containers and Container Images %{repo} Simple management tool for pods, containers and images
------------------------------------------------------------------------------- - Update Information:
Security fix for CVE-2024-1753 Automatic update for podman-5.0.0-1.fc40. Changelog for podman * Tue Mar 19 2024 Packit <hello@packit.dev> - 5:5.0.0-1 - [packit] 5.0.0 upstream release * Fri Mar 15 2024 Packit <hello@packit.dev> - 5:5.0.0~rc7-1 - [packit] 5.0.0-rc7 upstream release * Wed Mar 13 2024 Lokesh Mandvekar <lsm5@redhat.com> - 5:5.0.0~rc6-2 - Resolves: #2269148 - make passt a hard dep * Mon Mar 11 2024 Packit <hello@packit.dev> - 5:5.0.0~rc6-1 - [packit] 5.0.0-rc6 upstream release * Fri Mar 08 2024 Packit <hello@packit.dev> - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 05 2024 Packit <hello@packit.dev> - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit <hello@packit.dev> - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release Automatic update for podman-5.0.0~rc7-1.fc40. Changelog for podman * Fri Mar 15 2024 Packit <hello@packit.dev> - 5:5.0.0~rc7-1 - [packit] 5.0.0-rc7 upstream release * Wed Mar 13 2024 Lokesh Mandvekar <lsm5@redhat.com> - 5:5.0.0~rc6-2 - Resolves: #2269148 - make passt a hard dep * Mon Mar 11 2024 Packit <hello@packit.dev> - 5:5.0.0~rc6-1 - [packit] 5.0.0-rc6 upstream release * Fri Mar 08 2024 Packit <hello@packit.dev> - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 05 2024 Packit <hello@packit.dev> - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit <hello@packit.dev> - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release make passt and netavark hard dependencies for podman Automatic update for podman-5.0.0~rc6-1.fc40. Changelog for podman * Mon Mar 11 2024 Packit <hello@packit.dev> - 5:5.0.0~rc6-1 - [packit] 5.0.0-rc6 upstream release * Fri Mar 08 2024 Packit <hello@packit.dev> - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 05 2024 Packit <hello@packit.dev> - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit <hello@packit.dev> - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release Automatic update for podman-5.0.0~rc5-1.fc40. Changelog for podman * Fri Mar 08 2024 Packit <hello@packit.dev> - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 05 2024 Packit <hello@packit.dev> - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit <hello@packit.dev> - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release Automatic update for podman-5.0.0~rc4-1.fc40. Automatic update for podman-5.0.0~rc3-1.fc40. Removing podman 5.0.0-rc6 build to let the rest of this get past gating. We already have v5.0.0 bodhi for f40. ------------------------------------------------------------------------------- - ChangeLog:
* Tue Mar 19 2024 Packit <hello@packit.dev> - 5:5.0.0-1 - [packit] 5.0.0 upstream release * Fri Mar 15 2024 Packit <hello@packit.dev> - 5:5.0.0~rc7-1 - [packit] 5.0.0-rc7 upstream release * Wed Mar 13 2024 Lokesh Mandvekar <lsm5@redhat.com> - 5:5.0.0~rc6-2 - Resolves: #2269148 - make passt a hard dep * Mon Mar 11 2024 Packit <hello@packit.dev> - 5:5.0.0~rc6-1 - [packit] 5.0.0-rc6 upstream release * Fri Mar 8 2024 Packit <hello@packit.dev> - 5:5.0.0~rc5-1 - [packit] 5.0.0-rc5 upstream release * Tue Mar 5 2024 Packit <hello@packit.dev> - 5:5.0.0~rc4-1 - [packit] 5.0.0-rc4 upstream release * Fri Mar 1 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-5 - Show the toolbox RPMs used to run the tests * Fri Mar 1 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-4 - Avoid running out of storage space when running the Toolbx tests * Fri Mar 1 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-3 - Silence warnings about deprecated grep(1) use in test logs * Fri Mar 1 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:5.0.0~rc3-2 - Update how Toolbx is spelt * Thu Feb 22 2024 Packit <hello@packit.dev> - 5:5.0.0~rc3-1 - [packit] 5.0.0-rc3 upstream release ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #2265513 - CVE-2024-1753 buildah: full container escape at build time https://bugzilla.redhat.com/show_bug.cgi?id=2265513 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a267e93f8c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
|
|
|
|