(RHSA-2020:1227) Moderate: podman security, bug fix, and enhancement update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

• podman: resolving symlink in host filesystem leads to unexpected results of copy operation (CVE-2019-18466)

• containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• [extras-rhel-7] conmon binary stripped but debuginfo not generated (BZ#1650395)

• Cannot run systemd-container with SCL service due to RHSA-2019:2091 fix (BZ#1758509)

• Podman does not enforce registries.block in the registries.conf file (BZ#1787666)

• podman and podman-manpages needs merging (BZ#1788549)

• podman should be linked against gpgme-pthread (BZ#1793083)

• podman cannot support load tarball which the name with colon but docker can support this (BZ#1797599)

• podman (1.6.4) rhel 8.1 no route to host from inside container [extras-rhel-7.8/podman] (BZ#1806895)

• Podman can’t reuse a container name, even if the container that was using it is no longer around [extras-rhel-7.8/podman] (BZ#1807437)

• podman exec does not reads from stdin [extras-rhel-7.8/podman] (BZ#1807586)

• [FJ8.2 Bug]: [REG]The “–group-add” option of “podman create” doesn’t function. [extras-rhel-7.8/podman] (BZ#1808702)

Enhancement(s):

• [RFE] sctp support for podman (BZ#1664218)