bump podman to v3.0.1, Security fix for CVE-2021-20206


Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206


Autobuilt v1.19.3


Autobuilt v1.19.2


Autobuilt v1.19.1


Autobuilt v1.19.0


harden cgo based golang binaries


Autobuilt v0.9.1

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-fb466fb623

This update has been submitted for testing by lsm5.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

lsm5 edited this update.

New build(s):

  • containers-common-1-4.fc33
  • skopeo-1.2.1-1.fc33

Karma has been reset.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

lsm5 edited this update.

New build(s):

  • buildah-1.19.4-2.fc33

Karma has been reset.

a year ago

This update has obsoleted buildah-1.19.4-1.fc33, and has inherited its bugs and notes.

a year ago

lsm5 edited this update.

New build(s):

  • containernetworking-plugins-0.9.1-2.fc33

Karma has been reset.

a year ago

This update has obsoleted containernetworking-plugins-0.9.1-1.fc33, and has inherited its bugs and notes.

a year ago
User Icon baude commented & provided feedback a year ago
karma

verified to work and ran through the core-os testing CI.

This update has been pushed to testing.

a year ago
User Icon cserpentis commented & provided feedback a year ago
karma

works for me

User Icon lbrabec commented & provided feedback a year ago
karma

podman works

This update has been submitted for stable by bodhi.

a year ago

FEDORA-2021-fb466fb623 ejected from the push because 'Required tests did not pass on this update'

a year ago
User Icon adelton commented & provided feedback a year ago
karma

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

a year ago
User Icon t3rm1n4l commented & provided feedback a year ago
karma

wfm

lsm5 edited this update.

New build(s):

  • podman-3.0.1-1.fc33
  • buildah-1.19.6-1.fc33
  • skopeo-1.2.2-1.fc33

Removed build(s):

  • buildah-1.19.4-2.fc33
  • podman-3.0.0-1.fc33
  • skopeo-1.2.1-1.fc33

Karma has been reset.

a year ago

This update has been submitted for testing by lsm5.

a year ago

This update has been pushed to testing.

a year ago

Not tested yet.

User Icon atim commented & provided feedback a year ago
karma

LGTM so far.

lsm5 edited this update.

New build(s):

  • buildah-1.19.6-2.fc33

Removed build(s):

  • buildah-1.19.6-1.fc33

Karma has been reset.

a year ago

This update has been submitted for testing by lsm5.

a year ago

lsm5 edited this update.

a year ago

This update has been pushed to testing.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago
User Icon baude commented & provided feedback a year ago
karma

verified to work and ran through the core-os testing CI.

lsm5 edited this update.

a year ago
User Icon santiago commented & provided feedback a year ago
karma

LGTM. Tested podman, buildah, skopeo. There's one persistent buildah failure, in combination-namespaces, but that's a longstanding bug

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by lsm5.

a year ago
User Icon mheon commented & provided feedback a year ago
karma

Works here

BZ#1919391 CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration
BZ#1925399 CVE-2021-20206 containernetworking-plugins: containernetworking-cni: Arbitrary path injection via type field in CNI configuration [fedora-all]
BZ#1926796 CVE-2021-20206 buildah: containernetworking-cni: Arbitrary path injection via type field in CNI configuration [fedora-all]
BZ#1926801 CVE-2021-20206 podman: containernetworking-cni: Arbitrary path injection via type field in CNI configuration [fedora-all]

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
BZ#1919391 CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration
0
1
BZ#1925399 CVE-2021-20206 containernetworking-plugins: containernetworking-cni: Arbitrary path injection via type field in CNI configuration [fedora-all]
0
1
BZ#1926796 CVE-2021-20206 buildah: containernetworking-cni: Arbitrary path injection via type field in CNI configuration [fedora-all]
0
1
BZ#1926801 CVE-2021-20206 podman: containernetworking-cni: Arbitrary path injection via type field in CNI configuration [fedora-all]
0
1

Automated Test Results