SUSE-RU-2020:0821-1: moderate: Recommended update for podman, slirp4netns

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Mar 31 10:18:15 MDT 2020 

   SUSE Recommended Update: Recommended update for podman, slirp4netns
______________________________________________________________________________

Announcement ID:    SUSE-RU-2020:0821-1
Rating:             moderate
References:         #1167850 
Affected Products:
                    SUSE Linux Enterprise Module for Containers 15-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for podman, slirp4netns fixes the following issues:

   slirp4netns was updated to 0.4.4 (bsc#1167850):

   * libslirp: Update to v4.2.0:
     * New API function slirp_add_unix: add a forward rule to a Unix socket.
     * New API function slirp_remove_guestfwd: remove a forward rule
       previously added by slirp_add_exec, slirp_add_unix or
       slirp_add_guestfwd
     * New SlirpConfig.outbound_addr{,6} fields to bind output socket to a
       specific address
     * socket: do not fallback on host loopback if get_dns_addr() failed or
       the address is in slirp network
     * ncsi: fix checksum OOB memory access
     * tcp_emu(): fix OOB accesses
     * tftp: restrict relative path access
     * state: fix loading of guestfwd state

   Update to 0.4.3:

   * api: raise an error if the socket path is too long
   * libslirp: update to v4.1.0: Including the fix for libslirp sends RST to
     app in response to arriving FIN when containerized socket is shutdown()
     with SHUT_WR
   * Fix create_sandbox error

   Update to 0.4.2:

   * Do not propagate mounts to the parent ns in sandbox

   Update to 0.4.1:

   * Support specifying netns path (slirp4netns --netns-type=path PATH
     TAPNAME)
   * Support specifying --userns-path
   * Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+)
   * Bring up loopback device when --configure is specified
   * Support sandboxing by creating a mount namespace (--enable-sandbox)
   * Support seccomp (--enable-seccomp)
   - Add new build dependencies libcap-devel and libseccomp-devel

   Update to 0.3.3:

   * Fix use-after-free in libslirp

   Update to 0.3.2:

   * Fix heap overflow in `ip_reass` on big packet input

   Update to 0.3.1:

   * Fix use-after-free

   Changes in podman:

   - Fixed dependency on slirp4netns. We need at least 0.4.0 now (bsc#1167850)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-821=1



Package List:

   - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64):

      podman-1.8.0-4.20.1
      slirp4netns-0.4.4-3.6.1
      slirp4netns-debuginfo-0.4.4-3.6.1
      slirp4netns-debugsource-0.4.4-3.6.1

   - SUSE Linux Enterprise Module for Containers 15-SP1 (noarch):

      podman-cni-config-1.8.0-4.20.1


References:

   https://bugzilla.suse.com/1167850

More information about the sle-updates mailing list