SUSE-SU-2025:20279-1: important: Security update for podman

SLE-UPDATES null at suse.de
Wed Jun 4 07:28:27 UTC 2025



# Security update for podman

Announcement ID: SUSE-SU-2025:20279-1  
Release Date: 2025-04-22T13:50:03Z  
Rating: important  
References:

  * bsc#1221677
  * bsc#1224112
  * bsc#1231208
  * bsc#1236270
  * bsc#1236507
  * bsc#1237641
  * bsc#1239330

  
Cross-References:

  * CVE-2023-45288
  * CVE-2024-11218
  * CVE-2024-1753
  * CVE-2024-3727
  * CVE-2024-9407
  * CVE-2025-22869
  * CVE-2025-27144

  
CVSS scores:

  * CVE-2023-45288 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2023-45288 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-11218 ( SUSE ):  8.7
    CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  * CVE-2024-11218 ( SUSE ):  7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2024-11218 ( NVD ):  8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2024-1753 ( SUSE ):  8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2024-1753 ( NVD ):  8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2024-3727 ( SUSE ):  8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2024-3727 ( NVD ):  8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2024-9407 ( SUSE ):  5.6
    CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-9407 ( SUSE ):  5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
  * CVE-2024-9407 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
  * CVE-2025-22869 ( SUSE ):  8.2
    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-22869 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-22869 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-27144 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-27144 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-27144 ( NVD ):  6.6
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  
Affected Products:

  * SUSE Linux Micro 6.1

  
  
An update that solves seven vulnerabilities can now be installed.

## Description:

This update for podman fixes the following issues:

  * CVE-2023-45288: Fixed closing connection when receiving too many headers
    (bsc#1236507).
  * CVE-2024-11218: Fixed container breakout by using --jobs=2 and a race
    condition when building a malicious Containerfile (bsc#1236270).
  * CVE-2025-22869: Fixed Denial of Service in the Key Exchange of
    golang.org/x/crypto/ssh (bsc#1239330).
  * CVE-2025-27144: Fixed Go JOSE's Parsing Vulnerable to Denial of Service
    (bsc#1237641).
  * CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of
    Dockerfile RUN --mount Instruction (bsc#1231208).
  * CVE-2024-3727: Fixed digest type (bsc#1224112).
  * CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).

Other fixes:

  * Updated to version 5.2.5:
    * RPM: remove dup Provides
    * Packit: constrain koji and bodhi jobs to fedora package to avoid dupes
    * Validate the bind-propagation option to `--mount`
    * Updated Buildah to v1.37.4
    * vendor: updated c/common to v0.60.4
    * pkg/specgen: allow pasta when running inside userns
    * libpod: convert owner IDs only with :idmap
    * allow exposed sctp ports
    * libpod: setupNetNS() correctly mount netns
    * vendor: updated c/common to v0.60.3
    * [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets
    * [skip-ci] Packit: Enable sidetags for bodhi updates
    * Updated gvisor-tap-vsock to 0.7.5
    * CI: podman-machine: do not use cache registry
    * [CI:DOCS] Add v5.2.2 lib updates to RELEASE_NOTES.md
    * Update RELEASE_NOTES for v5.2.2
    * [v5.2] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2
    * [v5.2] golangci-lint: make darwin linting happy
    * [v5.2] golangci-lint: make windows linting happy
    * [v5.2] test/e2e: remove kernel version check
    * [v5.2] golangci-lint: remove most skip dirs
    * [v5.2] set !remote build tags where needed
    * [v5.2] update golangci-lint to 1.60.1
    * Packit: update targets for propose-downstream
    * Create volume path before state initialization
    * Update Cirrus DEST_BRANCH
    * Bump to v5.2.2-dev
    * Bump to v5.2.1
    * Update release notes for v5.2.1
    * [v5.2] Add zstd:chunked test fix
    * [v5.2] Bump Buildah to v1.37.1, c/common v0.60.1, c/image v5.32.1
    * libpod: reset state error on init
    * libpod: do not save expected stop errors in ctr state
    * libpod: fix broken saveContainerError()
    * Bump to v5.2.1-dev
    * Bump to v5.2.0
    * Never skip checkout step in release workflow
    * Bump to v5.2.0-dev
    * Bump to v5.2.0-rc3
    * Update release notes for v5.2.0-rc3
    * Tweak versions in register_images.go
    * fix network cleanup flake in play kube
    * WIP: Fixes for vendoring Buildah
    * Add --compat-volumes option to build and farm build
    * Bump Buildah, c/storage, c/image, c/common
    * libpod: bind ports before network setup
    * pkg/api: do not leak config pointers into specgen
    * build: Update gvisor-tap-vsock to 0.7.4
    * test/system: fix borken pasta interface name checks
    * test/system: fix bridge host.containers.internal test
    * CI: system tests: instrument to allow failure analysis
    * Use uploaded .zip for Windows action
    * RPM: podman-iptables.conf only on Fedora
    * Bump to v5.2.0-dev
    * Bump to v5.2.0-rc2
    * Update release notes for v5.2.0-rc2
    * test/e2e: fix ncat tests
    * libpod: add hidden env to set sqlite timeout
    * Add support for StopSignal in quadlet .container files
    * podman pod stats: fix race when ctr process exits
    * Update module github.com/vbauerster/mpb/v8 to v8.7.4
    * libpod: correctly capture healthcheck output
    * Bump bundled krunkit to 0.1.2
    * podman stats: fix race when ctr process exists
    * nc -p considered harmful
    * podman pod stats: fix pod rm race
    * podman ps: fix racy pod name query
    * system connection remove: use Args function to validate
    * pkg/machine/compression: skip decompress bar for empty file
    * nc -p considered harmful
    * podman system df: fix fix ErrNoSuchCtr/Volume race
    * podman auto-update: fix ErrNoSuchCtr race
    * Fix name for builder in farm connection
    * 700-play.bats: use unique pod/container/image/volume names
    * safename: consistent within same test, and, dashes
    * 700-kube.bats: refactor $PODMAN_TMPDIR/test.yaml
    * 700-play.bats: eliminate $testYaml
    * 700-play.bats: refactor clumsy yamlfile creation
    * 700-play.bats: move _write_test_yaml up near top
    * chore(deps): update dependency setuptools to v71
    * Expand drop-in search paths
    * top-level (pod.d)
    * truncated (unit-.container.d)
    * Remove references and checks for --gpus
    * Do not crash on invalid filters
    * fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0
    * Bump to v5.2.0-dev
    * Bump to v5.2.0-rc1
    * Keep the volume-driver flag deprecated
    * Vendor in latest containers(common, storage,image, buildah)
    * System tests: safe container/image/volume/etc names
    * Implement disable default mounts via command line
    * test: drop unmount for overlay
    * test: gracefully terminate server
    * libpod: shutdown Stop waits for handlers completion
    * libpod: cleanup store at shutdown
    * Add NetworkAlias= support to quadlet
    * cmd: call shutdown handler stop function
    * fix race conditions in start/attach logic
    * swagger: exlude new docker network types
    * vendor: bump c/storage
    * update to docker 27
    * contrib: use a distinct --pull-option= for each flag
    * Update warning message when using external compose provider
    * Update module github.com/cyphar/filepath-securejoin to v0.3.0
    * Ignore result of EvalSymlinks on ENOENT
    * test/upgrade: fix tests when netavark uses nftables
    * test/system: fix network reload test with nftables
    * test/e2e: rework some --expose tests
    * test: remove publish tests from e2e
    * CI: test nftables driver on fedora
    * CI: use local registry, part 3 of 3: for developers
    * CI: use local registry, part 2 of 3: fix tests
    * CI: use local registry, part 1 of 3: setup
    * CI: test composefs on rawhide
    * chore(deps): update module google.golang.org/grpc to v1.64.1 [security]
    * chore(deps): update dependency setuptools to ~=70.3.0
    * Improve container filenname ambiguity.
    * containers/attach: Note bug around goroutine leak
    * Drop minikube CI test
    * add libkrun test docs
    * fix(deps): update module tags.cncf.io/container-device-interface to v0.8.0
    * cirrus: check for header files in source code check
    * pkg/machine/e2e: run debug command only for macos
    * create runtime 's worker queue before queuing any job
    * test/system: fix pasta host.containers.internal test
    * Visual Studio BuildTools as a MinGW alternative
    * SetupRootless(): only reexec when needed
    * pkg/rootless: simplify reexec for container code
    * cirrus: add missing test/tools to danger files
    * fix(deps): update module golang.org/x/tools to v0.23.0
    * Windows Installer: switch to wix5
    * fix(deps): update module golang.org/x/net to v0.27.0
    * pkg/machine/e2e: print tests timings at the end
    * pkg/machine/e2e: run debug commands after init
    * pkg/machine/e2e: improve timeout handling
    * libpod: first delete container then cidfile
    * fix(deps): update module golang.org/x/term to v0.22.0
    * System test fixes
    * cirrus.yml: automatic skips based on source
    * fix(deps): update module github.com/containers/ocicrypt to v1.2.0
    * podman events: fix error race
    * chore(deps): update dependency setuptools to ~=70.2.0
    * fix(deps): update module github.com/gorilla/schema to v1.4.1 [security]
    * Update CI VM images
    * pkg/machine/e2e: fix broken cleanup
    * pkg/machine/e2e: use tmp file for connections
    * test/system: fix podman --image-volume to allow tmpfs storage
    * CI: mount tmpfs for container storage
    * docs: --network remove missing leading sentence
    * specgen: parse devices even with privileged set
    * vendor: update c/storage
    * Remove the unused machine volume-driver
    * feat(quadlet): log option handling
    * Error when machine memory exceeds system memory
    * machine: Always use --log-file with gvproxy
    * CI: Build-Each-Commit test: run only on PRs
    * Small fixes for testing libkrun
    * Podman machine resets all providers
    * Clearly indicate names w/ URLencoded duplicates
    * [skip-ci] Packit: split rhel and centos-stream jobs
    * apple virtiofs: fix racy mount setup
    * cirrus: fix broken macos artifacts URL
    * libpod/container_top_linux.c: fix missing header
    * refactor(build): improve err when file specified by -f does not exist
    * Minor: Remove unhelpful comment
    * Update module github.com/openshift/imagebuilder to v1.2.11
    * Minor: Rename the OSX Cross task
    * [skip-ci] Remove conditionals from changelog
    * podman top: join the container userns
    * Run linting in parallel with building
    * Fix missing Makefile target dependency
    * build API: accept platform comma separated
    * [skip-ci] RPM: create podman-machine subpackage
    * ExitWithError() - more upgrades from Exit()
    * test/e2e: remove podman system service tests
    * cirrus: reduce int tests timeout
    * cirrus: remove redundant skip logic
    * pkg/machine/apple: machine stop timeout
    * CI: logformatter: link to correct PR base
    * Update module github.com/crc-org/crc/v2 to v2.38.0
    * ExitWithError(): continued
    * test/system: Add test steps for journald log check in quadlet
    * restore: fix missing network setup
    * podman run use pod userns even with --pod-id-file
    * macos-installer: bundle krunkit
    * remote API: fix pod top error reporting
    * libpod API: return proper error status code for pod start
    * fix #22233
    * added check for `registry.IsRemote()`. and correct error message.
    * fix #20686
    * pkg/machine/e2e: Remove unnecessary copy of machine image.
    * libpod: intermediate mount if UID not mapped into the userns
    * libpod: avoid chowning the rundir to root in the userns
    * libpod: do not chmod bind mounts
    * libpod: unlock the thread if possible
    * CI Cleanup: Remove cgroups v1 support
    * ExitWithError() - more upgrades from Exit()
    * remote: fix incorrect CONTAINER_CONNECTION parsing
    * container: pass KillSignal and StopTimeout to the systemd scope
    * libpod: fix comment
    * e2e: test container restore in pod by name
    * docs: Adds all PushImage supported paramters to openapi docs.
    * systests: kube: bump up a timeout
    * cirrus.yml: add CI:ALL mode to force all tests
    * cirrus.yml: implement skips based on source changes
    * CI VMs: bump
    * restore: fix container restore into pod
    * sqlite_state: Fix RewriteVolumeConfig
    * chore(deps): update dependency setuptools to ~=70.1.0
    * Quadlet - use specifier for unescaped values for templated container name
    * cirrus: check for system test leaks in nightly
    * test/system: check for leaks in teardown suite
    * test/system: speed up basic_()
    * test/system: fix up many tests that do not cleanup
    * test/system: fix podman --authfile=nonexistent-path
    * Update module github.com/containernetworking/plugins to v1.5.1
    * Update module github.com/checkpoint-restore/checkpointctl to v1.2.1
    * Update module github.com/spf13/cobra to v1.8.1
    * Update module github.com/gorilla/schema to v1.4.0
    * pkg/machine/wsl: force terminate wsl instance
    * pkg/machine/wsl: wrap command errors
    * [CI:DOCS] Quadlet - add note about relative path resolution
    * CI: do not install python packages at runtime
    * Release workflow: Include candidate descriptor
    * Minor: Fix indentation in GHA release workflow
    * GHA: Send release notification mail
    * GHA: Validate release version number
    * Remove references to --pull=true and --pull=false
    * ExitWithError, continued
    * podman: add new hidden flag --pull-option
    * [CI:DOCS] Fix typos in podman-build
    * infra: mark storageSet when imagestore is changed
    * [CI:DOCS] Add jnovy as reviewer and approver
    * fix(deps): update module google.golang.org/protobuf to v1.34.2
    * refactor(machine,wsl): improve operations of Windows API
    * --squash --layers=false should be allowed
    * fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.2.0
    * update golangci-lint to v1.59.1
    * Rename master to main in CONTRIBUTING.md
    * podman 5, pasta and inter-container networking
    * libpod: do not resuse networking on start
    * machine/linux: Switch to virtiofs by default
    * machine/linux: Support virtiofs mounts (retain 9p default)
    * machine/linux: Use memory-backend-memfd by default
    * ExitWithError() - continued
    * Enable libkrun provider to open a debug console
    * Add new targets on Windows makefile (winmake.ps1)
    * fix(deps): update module github.com/docker/docker to v26.1.4+incompatible
    * fix(deps): update module github.com/crc-org/crc/v2 to v2.37.1
    * fix(deps): update module golang.org/x/tools to v0.22.0
    * fix(deps): update module golang.org/x/net to v0.26.0
    * libpod: fix 'podman kube generate' on FreeBSD
    * fix(deps): update module golang.org/x/sys to v0.21.0
    * libpod: do not leak systemd hc startup unit timer
    * vendor latest c/common
    * pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED correctly
    * run bats -T, to profile timing hogs
    * test/system: speed up podman ps --external
    * test/system: speed up podman network connect/disconnect
    * test/system: speed up podman network reload
    * test/system: speed up quadlet - pod simple
    * test/system: speed up podman parallel build should not race
    * test/system: speed up podman cp dir from host to container
    * test/system: speed up podman build - workdir, cmd, env, label
    * test/system: speed up podman --log-level recognizes log levels
    * test/system: remove obsolete debug in net connect/disconnect test
    * test/system: speed up quadlet - basic
    * test/system: speed up user namespace preserved root ownership
    * System tests: add `podman system check` tests
    * Add `podman system check` for checking storage consistency
    * fix(deps): update module github.com/crc-org/crc/v2 to v2.37.0
    * fix(libpod): add newline character to the end of container's hostname file
    * fix(deps): update module github.com/openshift/imagebuilder to v1.2.10
    * fix(deps): update github.com/containers/image/v5 digest to aa93504
    * Fix 5.1 release note re: runlabel
    * test/e2e: use local skopeo not image
    * fix(deps): update golang.org/x/exp digest to fd00a4e
    * [CI:DOCS] Add contrib/podmanimage/stable path back in repo
    * chore(deps): update dependency requests to ~=2.32.3
    * fix(deps): update github.com/containers/image/v5 digest to 2343e81
    * libpod: do not move podman with --cgroups=disabled
    * Update release notes on Main to v5.1.0
    * test: look at the file base name
    * tests: simplify expected output
    * Sigh, new VMs again
    * Fail earlier when no containers exist in stats
    * Add Hyper-V option in windows installer
    * libpod: cleanup default cache on system reset
    * vendor: update c/image
    * test/system: speed up kube generate tmpfs on /tmp
    * test/system: speed up podman kube play tests
    * test/system: speed up podman shell completion test
    * test/system: simplify test signal handling in containers
    * test/system: speed up podman container rm ...
    * test/system: speed up podman ps - basic tests
    * test/system: speed up read-only from containers.conf
    * test/system: speed up podman logs - multi ...
    * test/system: speed up podman run --name
    * Debian: switch to crun
    * test/system: speed up podman generate systemd - envar
    * test/system: speed up podman-kube@.service template
    * test/system: speed up kube play healthcheck initialDelaySeconds
    * test/system: speed up exit-code propagation test
    * test/system: speed up "podman run --timeout"
    * test/system: fix slow kube play --wait with siginterrupt
    * undo auto-formatting
    * test/system: speed up podman events tests
    * Quadlet: Add support for .build files
    * test/system: speed up "podman auto-update using systemd"
    * test/system: remove podman wait test
    * tests: disable tests affected by a race condition
    * update golangci-lint to v1.59.0
    * kubernetes_support.md: Mark volumeMounts.subPath as supported
    * working name of pod on start and stop
    * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.0
    * Bump Buildah to v1.36.0
    * fix(deps): update module github.com/burntsushi/toml to v1.4.0
    * fix typo in Tutorials.rst
    * Mac PM test: Require pre-installed rosetta
    * test/e2e: fix new error message
    * Add configuration for podmansh
    * Update containers/common to latest main
    * Only stop chowning volumes once they're not empty
    * podman: fix --sdnotify=healthy with --rm
    * libpod: wait another interval for healthcheck
    * quadlet: Add a network requirement on .image units
    * test, pasta: Ignore deprecated addresses in tests
    * [CI:DOCS] performance: update network docs
    * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0
    * CI: disable minikube task
    * [CI:DOCS] Fix windows action trigger
    * chore(deps): update dependency setuptools to v70
    * Check AppleHypervisor before accessing it
    * fix(deps): update module github.com/containernetworking/plugins to v1.5.0
    * [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.2
    * add podman-clean-transient.service service to rootless
    * [CI:DOCS] Update podman network docs
    * fix incorrect host.containers.internal entry for rootless bridge mode
    * vendor latest c/common main
    * Add Rosetta support for Apple Silicon mac
    * bump main to 5.2.0-dev
    * Use a defined constant instead of a hard-coded magic value
    * cirrus: use faster VM's for integration tests
    * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 01a1a0c
    * [CI:DOCS] Fix Mac pkg link
    * test: remove test_podman* scripts
    * test/system: fix documentation
    * Return StatusNotFound when multiple volumes matching occurs
    * container_api: do not wait for healtchecks if stopped
    * libpod: wait for healthy on main thread
    * `podman events`: check for an error after we finish reading events
    * remote API: restore v4 payload in container inspect
    * Fix updating connection when SSH port conflict happens
    * rootless: fix reexec to use /proc/self/exe
    * ExitWithError() - enforce required exit status & stderr
    * ExitWithError() - a few that I missed
    * [skip-ci] Packit: use only one value for `packages` key for `trigger: commit` copr builds
    * Revert "Temporarily disable rootless debian e2e testing"
    * CI tests: enforce TMPDIR on tmpfs
    * use new CI images with tmpfs /tmp
    * run e2e test on tmpfs
    * Update module github.com/crc-org/crc/v2 to v2.36.0
    * [CI:DOCS] Use checkout@v4 in GH Actions
    * ExitWithError() - rmi_test
    * ExitWithError() - more r files
    * ExitWithError() - s files
    * ExitWithError() - more run_xxx tests
    * Fix podman-remote support for `podman farm build`
    * [CI:DOCS] Trigger windows installer action properly
    * Revert "container stop: kill conmon"
    * Ensure that containers do not get stuck in stopping
    * [CI:DOCS] Improvements to make validatepr
    * ExitWithError() - rest of the p files
    * [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.1
    * Graceful shutdown during podman kube down
    * Remove duplicate call
    * test/system: fix broken "podman volume globs" test
    * Quadlet/Container: Add GroupAdd option
    * Don't panic if a runtime was configured without paths
    * update c/{buildah,common,image,storage} to latest main
    * update golangci-lint to 1.58
    * machine: Add LibKrun provider detection
    * ExitWithError() - continue tightening
    * fix(deps): update module google.golang.org/protobuf to v1.34.1
    * test: improve test for powercap presence
    * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
    * fix(deps): update module go.etcd.io/bbolt to v1.3.10
    * fix(deps): update module golang.org/x/tools to v0.21.0
    * [skip-ci] RPM: `bats` required only on Fedora
    * fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842
    * gpdate and remove parameter settings in `.golangci.yml`
    * ExitWithError() - play_kube_test.go
    * Temporarily disable rootless debian e2e testing
    * fix(deps): update module golang.org/x/crypto to v0.23.0
    * CI Docs: Clarify passthrough_envars() comments
    * Skip machine tests if they don't need to be run
    * Update CI VMs to F40, F39, D13
    * ExitWithError() - v files
    * Update module golang.org/x/term to v0.20.0
    * machine: Add provider detection API
    * util: specify a not empty pause dir for root too
    * Add missing option 'healthy' to output of `podman run --help`
    * [CI:DOCS] Add info on the quay.io images to the README.md
    * Add a random suffix to healthcheck unit names
    * test/e2e: remove toolbox image
    * Also substitute $HOME in runlabel with user's homedir
    * Update module github.com/cyphar/filepath-securejoin to v0.2.5
    * Change tmpDir for macOS
    * ExitWithError() - pod_xxx tests
    * ExitWithError() -- run_test.go
    * Update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f
    * Update module github.com/shirou/gopsutil/v3 to v3.24.4
    * Update module github.com/docker/docker to v26.1.1+incompatible
    * GHA: Attempt fix exceeded a secondary rate limit
    * vendor ginkgo 2.17.2 into test/tools
    * Fix machine volumes with long path and paths with dashes
    * Update module google.golang.org/protobuf to v1.34.0
    * Update module github.com/crc-org/crc/v2 to v2.35.0
    * Update module github.com/onsi/gomega to v1.33.1
    * test/e2e: podman unshare image mount fix tmpdir leak
    * test/e2e: do not leak /tmp/private_file
    * test/e2e: "persistentVolumeClaim with source" do not leak file
    * e2e tests: use /var/tmp, not $TMPDIR, as workdirs
    * Update dependency pytest to v8.1.2
    * Remove unncessary lines at the end of specfile summary
    * Clean machine pull cache
    * Add krun support to podman machine
    * Use custom image for make validatepr
    * test/e2e: force systemd cgroup manager
    * e2e and bindings tests: fix $PATH setup
    * Makefile: remove useless HACK variable in e2e test
    * test/e2e: fix volumes and suid/dev/exec options
    * test/e2e: volumes and suid/dev/exec options works remote
    * test/e2e: fix limits test
    * Update module github.com/rootless-containers/rootlesskit/v2 to v2.1.0
    * Correct option name `ip` -> `ip6`
    * Add the ability to automount images as volumes via play
    * Add support for image volume subpaths
    * Bump Buildah to latest main
    * Update Makefile to Go 1.22 for in-container
    * ExitWithError() - yet more low-hanging fruit
    * ExitWithError() - more low-hanging fruit
    * ExitWithError() - low-hanging fruit
    * chore: fix function names in comment
    * Remove redundant Prerequisite before build section
    * Remove PKG_CONFIG_PATH
    * Add installation instructions for openSUSE
    * Replace golang.org/x/exp/slices with slices from std
    * Update to go 1.21
    * fix(deps): update module github.com/docker/docker to v26.1.0+incompatible
    * [CI:DOCS] Fix artifact action
    * [skip-ci] Packit/rpm: remove el8 jobs and spec conditionals
    * e2e tests: stop littering
    * [CI:DOCS] format podman-pull example as code
    * [CI:DOCS] Build & upload release artifacts with GitHub Actions
    * libpod: getHealthCheckLog() remove unessesary check
    * add containers.conf healthcheck_events support
    * vendor latest c/common
    * libpod: make healthcheck events more efficient
    * libpod: wrap store setup error message
    * [skip-ci] Packit: enable CentOS 10 Stream build jobs
    * pkg/systemd: use fileutils.(Le|E)xists
    * pkg/bindings: use fileutils.(Le|E)xists
    * pkg/util: use fileutils.(Le|E)xists
    * pkg/trust: use fileutils.(Le|E)xists
    * pkg/specgen: use fileutils.(Le|E)xists
    * pkg/rootless: use fileutils.(Le|E)xists
    * pkg/machine: use fileutils.(Le|E)xists
    * pkg/domain: use fileutils.(Le|E)xists
    * pkg/api: use fileutils.(Le|E)xists
    * libpod: use fileutils.(Le|E)xists
    * cmd: use fileutils.(Le|E)xists
    * vendor: update containers/{buildah,common,image,storage}
    * fix(deps): update module github.com/docker/docker to v26.0.2+incompatible [security]
    * fix podman-pod-restart.1.md typo
    * [skip-ci] Packit: switch to EPEL instead of centos-stream+epel-next
    * fix(deps): update module github.com/onsi/gomega to v1.33.0
    * Add more annnotation information to podman kupe play man page
    * test/compose: remove compose v1 code
    * CI: remove compose v1 tests
    * fix: close resource file
    * [CI:DOCS] Fix windows installer action
    * fix(deps): update module tags.cncf.io/container-device-interface to v0.7.2
    * add `list` as an alias to list networks
    * Add support for updating restart policy
    * Add Compat API for Update
    * Make `podman update` changes persistent
    * Emergency fix (well, skip) for failing bud tests
    * fix swagger doc for manifest create
    * [CI:DOCS] options/network: fix markdown lists
    * Makefile: do not hardcode `GOOS` in `podman-remote-static` target
    * chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
    * chore(deps): update dependency setuptools to ~=69.5.0
    * Fix some comments
    * swagger fix infinitive recursion on some types
    * install swagger from source
    * Revert "Swap out javascript engine"
    * podman exec CID without command should exit 125
    * (minor) prefetch systemd image before use
    * Update go-swagger version
    * Swap out javascript engine
    * fix(deps): update module github.com/docker/docker to v26.0.1+incompatible
    * Add os, arch, and ismanifest to libpod image list
    * [CI:DOCS]Initial PR validation
    * fix(deps): update github.com/containers/gvisor-tap-vsock digest to d744d71
    * vendor ginkgo 2.17.1 into test/tools
    * fix "concurrent map writes" in network ls compat endpoint
    * chore(deps): update dependency pytest to v8
    * e2e: redefine ExitWithError() to require exit code
    * docs: fix missleading run/create --expose description
    * podman ps: show exposed ports under PORTS as well
    * rootless: drop function ReadMappingsProc
    * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.3
    * New CI VMs, to give us pasta 2024-04-05
    * Add big warning to GHA workflow
    * GHA: Fix intermittent workflow error
    * fix(deps): update module golang.org/x/tools to v0.20.0
    * e2e tests: remove requirement for fuse-overlayfs
    * docs: update Quadlet volume Options desc
    * fix(deps): update module golang.org/x/sync to v0.7.0
    * Fix relabeling failures with Z/z volumes on Mac
    * fix(deps): update module golang.org/x/net to v0.24.0
    * Makefile: fix annoying errors in docs generation
    * chore: fix function names in comment
    * Bump tags.cncf.io/container-device-interface to v0.7.1
    * fix(deps): update module golang.org/x/crypto to v0.22.0
    * Detect unhandled reboots and require user intervention
    * podman --runroot: remove 50 char length restriction
    * update github.com/rootless-containers/rootlesskit to v2
    * Update module github.com/gorilla/schema to v1.3.0
    * Update dependency requests-mock to ~=1.12.1
    * Update module github.com/crc-org/crc/v2 to v2.34.1
    * rm --force work for more than one arg
    * [CI:DOCS] Update kube docs
    * fix(deps): update module github.com/shirou/gopsutil/v3 to v3.24.3
    * [CI:DOCS] Add GitHub action to update version on Podman.io
    * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.2
    * Windows: clean up temporary perl install
    * pkg/util: FindDeviceNodes() ignore ENOENT errors
    * [CI:DOCS] build deps: make-validate needs docs
    * test/system: add rootless-netns test for setup errors
    * vendor latest c/common main
    * container: do not chown to dest target with U
    * [CI:DOCS] golangci-lint: update deprecated flags
    * systests: conditionalize slirp4netns tests
    * CI: systests: instrument flaky tests
    * s3fs docs
    * test: do not skip tests under rootless
    * Add note about host networking to Kube PublishPort option
    * Inject additional build tags from the environment
    * libpod: use original IDs if idmap is provided
    * Switch back to checking out the same branch the action script runs in
    * docs/podman-login: Give an example of writing the persistent path
    * CI: Bump VMs to 2024-03-28
    * [skip-ci] Update dawidd6/action-send-mail action to v3.12.0
    * fix(deps): update module github.com/openshift/imagebuilder to v1.2.7
    * Fix reference to deprecated types.Info
    * Use logformatter for podman_machine_windows_task
    * applehv: Print vfkit logs in --log-level debug
    * [CI:DOCS]Add Mario to reviewers list
    * [CI:DOCS] Document CI-maintenance job addition
    * Add golang 1.21 update warning
    * Add rootless network command to `podman info`
    * libpod: don't warn about cgroupsv1 on FreeBSD
    * hyperv: error if not admin
    * Properly parse stderr when updating container status
    * [skip-ci] Packit: specify fedora-latest in propose-downstream
    * Use built-in ssh impl for all non-pty operations
    * Add support for annotations
    * hyperv: fix machine rm -r
    * [skip-ci] Packit: Enable CentOS Stream 10 update job
    * 5.0 release note fix typo in cgroupv1 env var
    * fix remote build isolation on client side
    * chore: remove repetitive words
    * Dont save remote context in temp file but stream and extract
    * fix remote build isolation when server runs as root
    * util: use private propagation with bind
    * util: add some tests for ProcessOptions
    * util: refactor ProcessOptions into an internal function
    * util: rename files to snake case
    * Add LoongArch support for libpod
    * fix(deps): update github.com/containers/common digest to bc5f97c
    * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.1
    * fix(deps): update module github.com/docker/docker to v25.0.5+incompatible [security]
    * fix(deps): update module github.com/onsi/gomega to v1.32.0
    * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.0
    * Update module github.com/cpuguy83/go-md2man/v2 to v2.0.4
    * Fix type-o
    * Use correct extension in suite
    * minikube: instrument tests, to allow debugging failures
    * libpod: restart always reconfigure the netns
    * use new c/common pasta2 setup logic to fix dns
    * utils: drop conversion float->string->float
    * utils: do not generate duplicate range
    * logformatter: handle Windows logs
    * utils: add test for the new function
    * utils: move rootless code to a new function
    * xref-helpmsgs-manpages: cross-check Commands.rst
    * test/system: Add support for multipath routes in pasta networking tests
    * [skip-ci] rpm: use macro supported vendoring
    * Adjust to the standard location of gvforwarder used in new images
    * Makefile: add target `podman-remote-static`
    * Switch to 5.x WSL machine os stream using new automation
    * Cleanup build scratch dir if remote end disconnects while passing the context
    * bump main to 5.1.0-dev
    * Use faster gzip for compression for 3x speedup for sending large contexts to remote
    * pkg/machine: make checkExclusiveActiveVM race free
    * pkg/machine/wsl: remove unused CheckExclusiveActiveVM()
    * pkg/machine: CheckExclusiveActiveVM should also check for starting
    * pkg/machine: refresh config after we hold lock
    * Update dependency setuptools to ~=69.2.0
    * [skip-ci] rpm: update containers-common dep on f40+
    * fix invalid HTTP header values when hijacking a connection
    * Add doc to build podman on windows without MSYS
    * Removing CRI-O related annotations
    * fix(deps): update module github.com/containers/ocicrypt to v1.1.10
    * Pass the restart policy to the individual containers
    * kube play: always pull when both imagePullPolicy and tag are missing

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.1  
    zypper in -t patch SUSE-SLE-Micro-6.1-76=1

## Package List:

  * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * podman-remote-debuginfo-5.2.5-slfo.1.1_1.1
    * podman-debuginfo-5.2.5-slfo.1.1_1.1
    * podman-remote-5.2.5-slfo.1.1_1.1
    * podman-5.2.5-slfo.1.1_1.1
  * SUSE Linux Micro 6.1 (noarch)
    * podman-docker-5.2.5-slfo.1.1_1.1
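
To confirm that a host carries the fixed builds, the installed packages can be compared with the package list above. The following is an added example, not part of the SUSE advisory: it parses `rpm -q --qf` output and flags packages older than the fixed build. The sample output, the function names and the status labels are constructed for illustration, and the comparison is a simplified rpmvercmp (no epoch, `~` or `^` handling).

```python
import re

# Fixed build, copied from the advisory's Package List (VERSION-RELEASE).
FIXED_BUILD = "5.2.5-slfo.1.1_1.1"
FIXED = {name: FIXED_BUILD for name in (
    "podman", "podman-remote", "podman-docker",
    "podman-debuginfo", "podman-remote-debuginfo",
)}

# Constructed sample of what this query could print on a partially updated host:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' podman podman-remote podman-docker
SAMPLE_RPM_OUTPUT = """\
podman 5.2.5-slfo.1.1_1.1
podman-remote 4.9.5-1.1
package podman-docker is not installed
"""


def _segments(s):
    """Split into digit runs and letter runs; separators are ignored."""
    return re.findall(r"\d+|[A-Za-z]+", s)


def vercmp(a, b):
    """Simplified rpmvercmp: return -1, 0 or 1 (assumption: no '~' or '^')."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare VERSION-RELEASE strings: version first, release as tie-break."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return vercmp(va, vb) or vercmp(ra, rb)


def audit(rpm_output):
    """Map each package from the advisory to fixed / needs-update / not-installed."""
    status = {name: "not-installed" for name in FIXED}
    for line in rpm_output.splitlines():
        parts = line.split()
        # "package NAME is not installed" has five fields and is skipped here,
        # so the package keeps its default "not-installed" status.
        if len(parts) != 2 or parts[0] not in FIXED:
            continue
        name, evr = parts
        status[name] = "fixed" if evr_cmp(evr, FIXED[name]) >= 0 else "needs-update"
    return status


if __name__ == "__main__":
    for pkg, state in sorted(audit(SAMPLE_RPM_OUTPUT).items()):
        print(f"{pkg:28} {state}")
```
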

## References:

  * https://www.suse.com/security/cve/CVE-2023-45288.html
  * https://www.suse.com/security/cve/CVE-2024-11218.html
  * https://www.suse.com/security/cve/CVE-2024-1753.html
  * https://www.suse.com/security/cve/CVE-2024-3727.html
  * https://www.suse.com/security/cve/CVE-2024-9407.html
  * https://www.suse.com/security/cve/CVE-2025-22869.html
  * https://www.suse.com/security/cve/CVE-2025-27144.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1221677
  * https://bugzilla.suse.com/show_bug.cgi?id=1224112
  * https://bugzilla.suse.com/show_bug.cgi?id=1231208
  * https://bugzilla.suse.com/show_bug.cgi?id=1236270
  * https://bugzilla.suse.com/show_bug.cgi?id=1236507
  * https://bugzilla.suse.com/show_bug.cgi?id=1237641
  * https://bugzilla.suse.com/show_bug.cgi?id=1239330
