SUSE-SU-2025:0775-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250775-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0775-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0775-1
- Related
- Published
- 2025-03-04T12:51:39Z
- Modified
- 2025-05-08T17:32:19.822157Z
- Upstream
- Summary
- Security update for podman
- Details
-
This update for podman fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641)
- CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698)
- CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499)
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208)
- CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677)
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
- CVE-2024-6104: Fixed hashicorp/go-retryablehttp writing sensitive information to log files (bsc#1227052)
CVE-2023-45288: Fixed golang.org/x/net/http2 excessive resource consumption when receiving too many headers (bsc#1236507)
Load iptables and ip6tables kernel module (bsc#1214612)
- Required for rootless mode as a regular user has no permission to load kernel modules
Refactor network backend dependencies:
- podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it.
- This fixes missing cni-plugins in some scenarios
- Default to netavark everywhere where it's available
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250775-1/
- https://bugzilla.suse.com/1214612
- https://bugzilla.suse.com/1215807
- https://bugzilla.suse.com/1215926
- https://bugzilla.suse.com/1217828
- https://bugzilla.suse.com/1221677
- https://bugzilla.suse.com/1227052
- https://bugzilla.suse.com/1231208
- https://bugzilla.suse.com/1231230
- https://bugzilla.suse.com/1231499
- https://bugzilla.suse.com/1231698
- https://bugzilla.suse.com/1236270
- https://bugzilla.suse.com/1236507
- https://bugzilla.suse.com/1237641
- https://www.suse.com/security/cve/CVE-2023-45288
- https://www.suse.com/security/cve/CVE-2024-11218
- https://www.suse.com/security/cve/CVE-2024-1753
- https://www.suse.com/security/cve/CVE-2024-6104
- https://www.suse.com/security/cve/CVE-2024-9341
- https://www.suse.com/security/cve/CVE-2024-9407
- https://www.suse.com/security/cve/CVE-2024-9675
- https://www.suse.com/security/cve/CVE-2024-9676
- https://www.suse.com/security/cve/CVE-2025-27144
Affected packages
SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
SUSE:Linux Enterprise Server 15 SP3-LTSS / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
SUSE:Linux Enterprise Micro 5.1 / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
SUSE:Linux Enterprise Micro 5.2 / podman
Package
- Name
- podman
- Purl
- pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.2