Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.852813 |
Categoría: | SuSE Local Security Checks |
Título: | openSUSE: Security Advisory for podman, slirp4netns and libcontainers-common (openSUSE-SU-2019:2044-1) |
Resumen: | The remote host is missing an update for the 'podman, slirp4netns and libcontainers-common'; package(s) announced via the openSUSE-SU-2019:2044-1 advisory. |
Descripción: | Summary: The remote host is missing an update for the 'podman, slirp4netns and libcontainers-common' package(s) announced via the openSUSE-SU-2019:2044-1 advisory. Vulnerability Insight: This is a version update for podman to version 1.4.4 (bsc#1143386). Additional changes by SUSE on top: - Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386) - Update libpod.conf to use correct infra_command - Update libpod.conf to use better versioned pause container - Update libpod.conf to use official kubic pause container - Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json - Add podman-remote varlink client Version update podman to v1.4.4: - Features - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime - The cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340) - The podman diff command now supports the --latest flag - Bugfixes - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored - Fixed a bug where images with no layers could not properly be displayed and removed by Podman - Fixed a bug where locks were not properly freed on failure to create a container or pod - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384) - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405) - Fixed a bug where podman ps --sync would segfault (#3411) - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408) - Misc - Updated containers/storage to v1.12.13 - Podman now performs much better on systems with heavy I/O load - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf - For backwards compatibility, setting --log-driver=json-file in podman run is now supported as an alias ... Description truncated. Please see the references for more information. Affected Software/OS: 'podman, ' package(s) on openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-6778 BugTraq ID: 106758 http://www.securityfocus.com/bid/106758 Bugtraq: 20190531 [SECURITY] [DSA 4454-1] qemu security update (Google Search) https://seclists.org/bugtraq/2019/May/76 Debian Security Information: DSA-4454 (Google Search) https://www.debian.org/security/2019/dsa-4454 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ [Qemu-devel][PULL 65/65] 20190114 slirp: check data length while emulating ident https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html [oss-security] 20190124 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu() http://www.openwall.com/lists/oss-security/2019/01/24/5 RedHat Security Advisories: RHSA-2019:1883 https://access.redhat.com/errata/RHSA-2019:1883 RedHat Security Advisories: RHSA-2019:1968 https://access.redhat.com/errata/RHSA-2019:1968 RedHat Security Advisories: RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2425 RedHat Security Advisories: RHSA-2019:2892 https://access.redhat.com/errata/RHSA-2019:2892 SuSE Security Announcement: SUSE-SA-2019:0254-1 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html SuSE Security Announcement: openSUSE-SU-2019:1074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html SuSE Security Announcement: openSUSE-SU-2019:1226 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html SuSE Security Announcement: openSUSE-SU-2019:2044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://usn.ubuntu.com/3923-1/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |