SUSE-SU-2025:0267-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250267-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0267-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0267-1
- Related
- Published
- 2025-01-28T11:25:30Z
- Modified
- 2025-05-08T17:33:01.362384Z
- Upstream
- Summary
- Security update for podman
- Details
-
This update for podman fixes the following issues:
CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698)
Load iptables and ip6tables kernel module (bsc#1214612)
- Required for rootless mode as a regular user has no permission to load kernel modules
CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499)
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208)
- CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677)
CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
Refactor network backend dependencies:
- podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it.
- This fixes missing cni-plugins in some scenarios
- Default to netavark everywhere where it's available
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250267-1/
- https://bugzilla.suse.com/1214612
- https://bugzilla.suse.com/1215807
- https://bugzilla.suse.com/1215926
- https://bugzilla.suse.com/1217828
- https://bugzilla.suse.com/1221677
- https://bugzilla.suse.com/1231208
- https://bugzilla.suse.com/1231230
- https://bugzilla.suse.com/1231499
- https://bugzilla.suse.com/1231698
- https://bugzilla.suse.com/1236270
- https://www.suse.com/security/cve/CVE-2024-11218
- https://www.suse.com/security/cve/CVE-2024-1753
- https://www.suse.com/security/cve/CVE-2024-9341
- https://www.suse.com/security/cve/CVE-2024-9407
- https://www.suse.com/security/cve/CVE-2024-9675
- https://www.suse.com/security/cve/CVE-2024-9676
Affected packages
SUSE:Linux Enterprise Micro 5.3 / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
SUSE:Linux Enterprise Micro 5.4 / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
SUSE:Linux Enterprise Server 15 SP4-LTSS / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS