The safety alert issued for Podman has acquired an replace from BSI. You can learn an outline of the safety hole together with the newest updates and details about affected working methods and merchandise right here.
Federal workplace for Security in Information Technology (BSI) revealed an replace on May 23, 2024 for the Podman safety vulnerability identified on April 1, 2024. The safety vulnerability impacts Linux, UNIX and Windows working methods and Red Hat Enterprise merchandise Linux, SUSE Linux, Oracle Linux, RESF Rocky Linux, Open Source Podman and Red Hat OpenShift.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:2877 (From 23 May 2024). Some helpful hyperlinks are listed later on this article.
Podman Safety Advisory – Risk: High
Risk stage: 3 (excessive)
CVSS Base Score: 8.6
CVSS provisional rating: 7,7
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop methods. The CVSS customary makes it doable to check potential or precise safety dangers primarily based on numerous standards so as to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally have in mind modifications over time within the danger scenario. According to CVSS, the present vulnerability is classed as “excessive” with 8.6 foundation factors.
Podman Bug: Vulnerability permits safety measures to be bypassed
Podman is a runtime and container software that enables customers to run and handle containers with out the necessity for a separate daemon course of.
A distant, unknown attacker may exploit a vulnerability in Podman to bypass safety measures.
Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2024-1753 on the market.
Systems affected by the Podman vulnerability at a look
Operating methods
Linux, UNIX, Windows
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
Open Source Podman Open Source Podman Red Hat OpenShift Container Platform OpenShift Container Platform OpenShift Container Platform OpenShift Container Platform
Common steps to handle IT safety gaps
- Users of affected methods ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically comprises further details about the newest model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you’ve got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to recurrently test the desired sources to see if a brand new safety replace is out there.
Sources for updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug studies, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:2877 vom 2024-05-23 (23.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:3254 vom 2024-05-22 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2784 vom 2024-05-16 (16.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09 (09.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2669 vom 2024-05-09 (09.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2548 vom 2024-05-08 (07.05.2024)
For extra data, see:
Rocky Linux Security Advisory RLSA-2024:2084 vom 2024-05-06 (06.05.2024)
For extra data, see:
Rocky Linux Security Advisory RLSA-2024:2098 vom 2024-05-06 (06.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02 (02.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2645 vom 2024-05-01 (01.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2548 vom 2024-04-30 (01.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2098 vom 2024-04-30 (29.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2089 vom 2024-04-29 (29.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2084 vom 2024-04-30 (29.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2090 vom 2024-04-29 (29.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2098 vom 2024-04-29 (28.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2097 vom 2024-04-29 (28.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2077 vom 2024-04-29 (28.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2084 vom 2024-04-29 (28.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2055 vom 2024-04-26 (25.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2066 vom 2024-04-25 (25.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2064 vom 2024-04-25 (25.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2055 vom 2024-04-25 (24.04.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1143-1 vom 2024-04-08 (08.04.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1145-1 vom 2024-04-08 (08.04.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1144-1 vom 2024-04-08 (08.04.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1142-1 vom 2024-04-08 (08.04.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1146-1 vom 2024-04-08 (08.04.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1059-1 vom 2024-04-01 (01.04.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1058-1 vom 2024-04-01 (01.04.2024)
For extra data, see:
GitHub Advisory Database vom 2024-04-01 (01.04.2024)
For extra data, see:
Version historical past of this safety alert
This is model 14 of this Podman IT safety discover. This doc can be up to date as extra updates are introduced. You can see the modifications made utilizing the model historical past beneath.
April 1, 2024 – First model
04/08/2024 – New updates from SUSE added
April 24, 2024 – New updates from Red Hat have been added
April 25, 2024 – New updates from Red Hat and Oracle Linux have been added
April 28, 2024 – New updates from Red Hat have been added
April 29, 2024 – New updates from Red Hat and Oracle Linux have been added
May 1, 2024 – New updates from Red Hat added
May 2, 2024 – New updates from Red Hat added
May 6, 2024 – New updates from the Rocky Enterprise Software Foundation have been added
May 7, 2024 – New Oracle Linux updates added
May 9, 2024 – New updates from Red Hat have been added
May 16, 2024 – New updates from Red Hat have been added
May 21, 2024 – New updates from Red Hat added
05/23/2024 – New updates from Red Hat have been added
+++ Editorial be aware: This doc relies on present BSI knowledge and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover scorching information, present movies and a direct line to the editorial crew.
kns/roj/information.de