Oracle Linux: (CVE-2022-2738) ELSA-2022-20240: podman security update
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From ELSA-2022-20240:
[1.6.4-36.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - handle redirect from the docker registry v2 [Orabug: 29874238] (nikita.gerasimov@oracle.com) - remove changes in NaiveDiffDriver [1.6.4-36] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/7667df8) [1.6.4-35] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/e330751) [1.6.4-34] - fix RHEL7 regressions - thanks to Valentin Rothberg [1.6.4-33] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/68af661)
Solution(s)
- oracle-linux-upgrade-podman
- oracle-linux-upgrade-podman-docker
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center