RHSA-2022:7954-01 -- Redhat podmanID: oval:org.secpod.oval:def:507399 | Date: (C)2022-11-23 (M)2023-08-16 |
Class: PATCH | Family: unix |
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix: * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag * podman: podman machine spawns gvproxy with port bound to all IPs * podman: Remote traffic to rootless containers is seen as orginating from localhost * containers/storage: DoS via malicious image * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty * golang: crypto/tls: certificate of wrong type is causing TLS client to panic * golang: crash in a golang.org/x/crypto/ssh server For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 9 |