Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-2739) ELSA-2022-20240: podman security update

Back to Search

Oracle Linux: (CVE-2022-2739) ELSA-2022-20240: podman security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
08/22/2022
Created
08/29/2022
Added
08/23/2022
Modified
10/03/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-20240:

[1.6.4-36.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - handle redirect from the docker registry v2 [Orabug: 29874238] (nikita.gerasimov@oracle.com) - remove changes in NaiveDiffDriver [1.6.4-36] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/7667df8) [1.6.4-35] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/e330751) [1.6.4-34] - fix RHEL7 regressions - thanks to Valentin Rothberg [1.6.4-33] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/68af661)

Solution(s)

  • oracle-linux-upgrade-podman
  • oracle-linux-upgrade-podman-docker

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;