Lucene search
AlmaLinuxALSA-2023:7765HistoryDec 12, 2023 - 12:00 a.m.
Moderate: podman security update
2023-12-1200:00:00
errata.almalinux.org
14
podman
container pods
kubernetes
security update
golang
tls
html
script contexts
cve
cvss
acknowledgments
references
unix
0.001 Low
EPSS
Percentile
37.1%
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
- golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
- golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
- golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
- golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
- golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | noarch | podman-docker | <Â 4.6.1-7.el9_3 | podman-docker-4.6.1-7.el9_3.noarch.rpm |
| almalinux | 9 | ppc64le | podman-plugins | <Â 4.6.1-7.el9_3 | podman-plugins-4.6.1-7.el9_3.ppc64le.rpm |
| almalinux | 9 | ppc64le | podman | <Â 4.6.1-7.el9_3 | podman-4.6.1-7.el9_3.ppc64le.rpm |
| almalinux | 9 | ppc64le | podman-remote | <Â 4.6.1-7.el9_3 | podman-remote-4.6.1-7.el9_3.ppc64le.rpm |
| almalinux | 9 | ppc64le | podman-gvproxy | <Â 4.6.1-7.el9_3 | podman-gvproxy-4.6.1-7.el9_3.ppc64le.rpm |
| almalinux | 9 | ppc64le | podman-tests | <Â 4.6.1-7.el9_3 | podman-tests-4.6.1-7.el9_3.ppc64le.rpm |
| almalinux | 9 | aarch64 | podman-gvproxy | <Â 4.6.1-7.el9_3 | podman-gvproxy-4.6.1-7.el9_3.aarch64.rpm |
| almalinux | 9 | aarch64 | podman | <Â 4.6.1-7.el9_3 | podman-4.6.1-7.el9_3.aarch64.rpm |
| almalinux | 9 | aarch64 | podman-plugins | <Â 4.6.1-7.el9_3 | podman-plugins-4.6.1-7.el9_3.aarch64.rpm |
| almalinux | 9 | aarch64 | podman-remote | <Â 4.6.1-7.el9_3 | podman-remote-4.6.1-7.el9_3.aarch64.rpm |
References
access.redhat.com/errata/RHSA-2023:7765
access.redhat.com/security/cve/CVE-2023-29409
access.redhat.com/security/cve/CVE-2023-39318
access.redhat.com/security/cve/CVE-2023-39319
access.redhat.com/security/cve/CVE-2023-39321
access.redhat.com/security/cve/CVE-2023-39322
bugzilla.redhat.com/2228743
bugzilla.redhat.com/2237773
bugzilla.redhat.com/2237776
bugzilla.redhat.com/2237777
bugzilla.redhat.com/2237778
errata.almalinux.org/9/ALSA-2023-7765.html
Related
nessus
nessus
Oracle Linux 9 : buildah (ELSA-2023-7764)
2023-12-15 00:00:00
AlmaLinux 9 : skopeo (ALSA-2023:7762)
2023-12-15 00:00:00
RHEL 9 : podman (RHSA-2023:7765)
2023-12-12 00:00:00
oraclelinux
oraclelinux
podman security update
2023-12-14 00:00:00
skopeo security update
2023-12-13 00:00:00
containernetworking-plugins security update
2023-12-13 00:00:00
osv
osv
Moderate: podman security update
2023-12-12 00:00:00
Moderate: containernetworking-plugins security update
2023-12-12 00:00:00
Moderate: buildah security update
2023-12-12 00:00:00
redhat
redhat
(RHSA-2023:7764) Moderate: buildah security update
2023-12-12 16:42:31
(RHSA-2023:7765) Moderate: podman security update
2023-12-12 16:42:34
(RHSA-2023:7766) Moderate: containernetworking-plugins security update
2023-12-12 16:42:36
almalinux
almalinux
Moderate: containernetworking-plugins security update
2023-12-12 00:00:00
Moderate: skopeo security update
2023-12-12 00:00:00
Moderate: buildah security update
2023-12-12 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-09-06 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:3701-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3840-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3178)
2023-11-10 00:00:00
ibm
ibm
photon
photon
Moderate Photon OS Security Update - PHSA-2023-4.0-0484
2023-10-05 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0108
2023-10-05 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0665
2023-10-10 00:00:00
prion
prion
Code injection
2023-09-08 17:15:00
Design/Logic Flaw
2023-09-08 17:15:00
Code injection
2023-08-02 20:15:00
redhatcve
redhatcve
debiancve
debiancve
cvelist
cvelist
cgr
cgr
CVE-2023-39321 vulnerabilities
2024-05-17 09:07:10
CVE-2023-39322 vulnerabilities
2024-05-17 09:07:10
CVE-2023-29409 vulnerabilities
2024-05-17 09:07:10
veracode
veracode
Denial Of Service (DoS)
2023-10-02 20:14:46
Cross-Site Scripting (XSS)
2023-10-02 20:15:16
Cross-Site Scripting (XSS)
2023-10-03 07:01:30
wolfi
wolfi
CVE-2023-39322 vulnerabilities
2024-05-17 09:07:10
CVE-2023-39321 vulnerabilities
2024-05-17 09:07:10
CVE-2023-39319 vulnerabilities
2024-05-17 09:07:10
ubuntucve
ubuntucve
amazon
amazon
Medium: nerdctl
2023-08-17 11:58:00
Medium: cri-tools
2023-08-31 22:28:00
Important: golang
2023-10-16 13:45:00
cve
cve
alpinelinux
alpinelinux
cbl_mariner
cbl_mariner
CVE-2023-39318 affecting package golang for versions less than 1.20.10-1
2024-05-17 09:07:10
CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1
2024-05-17 09:07:16
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Golang Go
2023-08-21 15:59:26