Branch p9 update bulletin.

Package podman updated to version 2.0.6-alt1 for branch p9 in task 257934.

Published: 2020-09-23
Modified: 2024-11-21

CVE-2020-14370

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1874268
https://bugzilla.redhat.com/show_bug.cgi?id=1874268
FEDORA-2020-76fcd0ba34
FEDORA-2020-76fcd0ba34
FEDORA-2020-7b6058fec9
FEDORA-2020-7b6058fec9
FEDORA-2020-3a4b8fca5e
FEDORA-2020-3a4b8fca5e

Package galera updated to version 26.4.5-alt2 for branch p9 in task 257922.

Failed to open '/var/log/garbd/garbd.log' for appending

Version: 2.1.0

Branch p9 update on 2020-09-24

ALT-BU-2020-4048-1

ALT-PU-2020-2863-1

Closed vulnerabilities

CVE-2020-14370

ALT-PU-2020-2866-1

Closed bugs

Bug #37919