You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa podman

Sigurnosni nedostatak programskog paketa podman

——————————————————————————–
Fedora Update Notification
FEDORA-2019-b66d704846
2019-06-15 01:20:44.741075
——————————————————————————–

Name : podman
Product : Fedora 29
Version : 1.4.0
Release : 2.fc29
URL : https://podman.io/
Summary : Manage Pods, Containers and Container Images
Description :
podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands can be run as a regular user, without requiring additional privileges.

podman uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other.

Manage Pods, Containers and Container Images
libpod Simple management tool for pods, containers and images

——————————————————————————–
Update Information:

do not install /usr/libexec/crio – conflicts with crio —- Resolves: #1715668
– CVE-2019-10152
——————————————————————————–
ChangeLog:

* Tue Jun 11 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> – 2:1.4.0-2
– do not install /usr/libexec/crio – conflicts with crio
* Mon Jun 10 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> – 2:1.4.0-1
– Resolves: #1715668 – CVE-2019-10152
– bump to v1.4.0
* Fri May 17 2019 Dan Walsh <dwalsh@redhat.com> – 2:1.3.1-1.git7210727
– New Release of podman
* Mon Apr 1 2019 Dan Walsh <dwalsh@redhat.com> – 2:1.2.0-2.git6aa8078
– New Release of podman
* Mon Mar 18 2019 Eduardo Santiago <santiago@redhat.com> – 2:1.1.2-4.dev.git6aa8078
– include zsh completion
* Wed Mar 13 2019 Eduardo Santiago <santiago@redhat.com> – 2:1.1.2-3.dev.gitb33a00e
– new -tests subpackage
* Tue Mar 12 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> – 2:1.1.2-2.dev.git0ad9b6b
– missed the system renumber scriptlet in the previous build
* Tue Mar 12 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> – 2:1.1.2-1.dev.git0ad9b6b
– bump to v1.1.2
* Tue Mar 12 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> – 2:1.0.1-32.dev.git228d1cb
– Resolves: #1686636 – do not depend on conmon (conmon moved to modules)
* Tue Feb 19 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-31.dev.git228d1cb
– autobuilt 228d1cb
* Mon Feb 18 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-30.dev.git3f32eae
– autobuilt 3f32eae
* Sun Feb 17 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-29.dev.git1cb16bd
– autobuilt 1cb16bd
* Sat Feb 16 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-28.dev.git0a521e1
– autobuilt 0a521e1
* Fri Feb 15 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-27.dev.git81ace5c
– autobuilt 81ace5c
* Thu Feb 14 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-26.dev.gitdfc64e1
– autobuilt dfc64e1
* Wed Feb 13 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-25.dev.gitee27c39
– autobuilt ee27c39
* Tue Feb 12 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-24.dev.git8923703
– autobuilt 8923703
* Sun Feb 10 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-23.dev.gitc86e8f1
– autobuilt c86e8f1
* Sat Feb 9 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-22.dev.gitafd4d5f
– autobuilt afd4d5f
* Fri Feb 8 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-21.dev.git962850c
– autobuilt 962850c
* Thu Feb 7 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-20.dev.gitf250745
– autobuilt f250745
* Wed Feb 6 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-19.dev.git650e242
– autobuilt 650e242
* Tue Feb 5 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-18.dev.git778f986
– autobuilt 778f986
* Sun Feb 3 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-17.dev.gitd5593b8
– autobuilt d5593b8
* Sat Feb 2 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-16.dev.gite6426af
– autobuilt e6426af
* Fri Feb 1 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-15.dev.gite97dc8e
– autobuilt e97dc8e
* Thu Jan 31 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-14.dev.git805c6d9
– autobuilt 805c6d9
* Wed Jan 30 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-13.dev.gitad5579e
– autobuilt ad5579e
* Tue Jan 29 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-12.dev.gitebe9297
– autobuilt ebe9297
* Thu Jan 24 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-11.dev.gitc9e1f36
– autobuilt c9e1f36
* Wed Jan 23 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-10.dev.git7838a13
– autobuilt 7838a13
* Tue Jan 22 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-9.dev.gitec96987
– autobuilt ec96987
* Mon Jan 21 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-8.dev.gitef2f6f9
– autobuilt ef2f6f9
* Sun Jan 20 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-7.dev.git579fc0f
– autobuilt 579fc0f
* Sat Jan 19 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-6.dev.git0d4bfb0
– autobuilt 0d4bfb0
* Fri Jan 18 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-5.dev.gite3dc660
– autobuilt e3dc660
* Thu Jan 17 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-4.dev.git0e3264a
– autobuilt 0e3264a
* Wed Jan 16 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-3.dev.git1b2f752
– autobuilt 1b2f752
* Tue Jan 15 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:1.0.1-2.dev.git6301f6a
– bump to 1.0.1
– autobuilt 6301f6a
* Mon Jan 14 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-3.dev.git140ae25
– autobuilt 140ae25
* Sat Jan 12 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-2.dev.git5c86efb
– bump to 0.12.2
– autobuilt 5c86efb
* Fri Jan 11 2019 bbaude <bbaude@redhat.com> – 1:1.0.0-1.dev.git82e8011
– Upstream 1.0.0 release
* Thu Jan 10 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-27.dev.git0f6535c
– autobuilt 0f6535c
* Wed Jan 9 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-26.dev.gitc9d63fe
– autobuilt c9d63fe
* Tue Jan 8 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-25.dev.gitfaa2462
– autobuilt faa2462
* Mon Jan 7 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-24.dev.gitb83b07c
– autobuilt b83b07c
* Sat Jan 5 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-23.dev.git4e0c0ec
– autobuilt 4e0c0ec
* Fri Jan 4 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-22.dev.git9ffd480
– autobuilt 9ffd480
* Thu Jan 3 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-21.dev.git098c134
– autobuilt 098c134
* Tue Jan 1 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-20.dev.git7438b7b
– autobuilt 7438b7b
* Sat Dec 29 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb9.dev.git1aa55ed
– autobuilt 1aa55ed
* Thu Dec 27 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb8.dev.gitc50332d
– Enable python dependency generator
* Tue Dec 25 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb7.dev.gitc50332d
– autobuilt c50332d
* Mon Dec 24 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb6.dev.git8fe3050
– autobuilt 8fe3050
* Sun Dec 23 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb5.dev.git792f109
– autobuilt 792f109
* Sat Dec 22 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb4.dev.gitfe186c6
– autobuilt fe186c6
* Fri Dec 21 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb3.dev.gitfa998f2
– autobuilt fa998f2
* Thu Dec 20 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb2.dev.git6b059a5
– autobuilt 6b059a5
* Wed Dec 19 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb1.dev.gitc8eaf59
– autobuilt c8eaf59
* Tue Dec 18 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-1.nightly.git5c86efb0.dev.git68414c5
– autobuilt 68414c5
* Mon Dec 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-9.dev.gitb21d474
– autobuilt b21d474
* Sat Dec 15 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-8.dev.gitc086118
– autobuilt c086118
* Fri Dec 14 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-7.dev.git93b5ccf
– autobuilt 93b5ccf
* Thu Dec 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-6.dev.git508388b
– autobuilt 508388b
* Wed Dec 12 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-5.dev.git8a3361f
– autobuilt 8a3361f
* Tue Dec 11 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-4.dev.git235a630
– autobuilt 235a630
* Sat Dec 8 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-3.dev.git1f547b2
– autobuilt 1f547b2
* Fri Dec 7 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.12.2-2.dev.gita387c72
– bump to 0.12.2
– autobuilt a387c72
* Thu Dec 6 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-15.dev.git75b19ca
– autobuilt 75b19ca
* Wed Dec 5 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-14.dev.git320085a
– autobuilt 320085a
* Tue Dec 4 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-13.dev.git5f6ad82
– autobuilt 5f6ad82
* Sun Dec 2 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-12.dev.git41f250c
– autobuilt 41f250c
* Sat Dec 1 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-11.dev.git6b8f89d
– autobuilt 6b8f89d
* Thu Nov 29 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-10.dev.git3af62f6
– autobuilt 3af62f6
* Tue Nov 27 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-9.dev.git3956050
– autobuilt 3956050
* Mon Nov 26 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-8.dev.gite3ece3b
– autobuilt e3ece3b
* Sat Nov 24 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-7.dev.git78604c3
– autobuilt 78604c3
* Thu Nov 22 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-6.dev.git1fdfeb8
– autobuilt 1fdfeb8
* Wed Nov 21 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-5.dev.git23feb0d
– autobuilt 23feb0d
* Tue Nov 20 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-4.dev.gitea928f2
– autobuilt ea928f2
* Sat Nov 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-3.dev.gitcd5742f
– autobuilt cd5742f
* Fri Nov 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 2:0.11.2-2.dev.git236408b
– autobuilt 236408b
* Wed Nov 14 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> – 2:0.11.2-1.dev.git97bded4
– bump epoch cause previous version was messed up
– built 97bded4
* Tue Nov 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 1:0.11.20.11.2-1.dev.git79657161
– bump to 0.11.2
– autobuilt 7965716
* Sat Nov 10 2018 Dan Walsh <dwalsh@redhat.com> – 1:0.11.20.11.2-2.dev.git78e6d8e1
– Remove dirty flag from podman version
* Sat Nov 10 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 1:0.11.20.11.2-1.dev.git7965716.dev.git78e6d8e1
– bump to 0.11.2
– autobuilt 78e6d8e
* Fri Nov 9 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 1:0.11.20.11.2-1.dev.git7965716.dev.git78e6d8e.dev.gitf5473c61
– bump to 0.11.2
– autobuilt f5473c6
* Thu Nov 8 2018 baude <bbaude@redhat.com> – 1:0.11.1-1.dev.gita4adfe5
– Upstream 0.11.1-1
* Thu Nov 8 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 1:0.10.2-3.dev.git672f572
– autobuilt 672f572
* Wed Nov 7 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> – 1:0.10.2-2.dev.gite9f8aed
– autobuilt e9f8aed
* Sun Oct 28 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> – 1:0.10.2-1.dev.git4955572
– Resolves: #1643744 – build podman with ostree support
– bump to v0.10.2
– built commit 4955572
* Fri Oct 19 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> – 1:0.10.1.3-3.dev.gitdb08685
– consistent epoch:version-release in changelog
* Thu Oct 18 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> – 1:0.10.1.3-2.dev.gitdb08685
– correct epoch mentions
* Thu Oct 18 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> – 1:0.10.1.3-1.dev.gitdb08685
– bump to v0.10.1.3
——————————————————————————–
References:

[ 1 ] Bug #1715668 – CVE-2019-10152 podman: Improper symlink resolution allows access to host files when executing `podman cp` on running containers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1715668
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-b66d704846’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa znc

Otkriveni su sigurnosni nedostaci u programskom paketu znc za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close