FEDORA-2019-0937bbf558

security update in Fedora 30 for podman

Status: stable 4 days ago

Resolves: #1715668 - CVE-2019-10152

How to install

sudo dnf upgrade --advisory=FEDORA-2019-0937bbf558

Comments 10

This update has been submitted for testing by lsm5.

This update test gating status has been changed to 'waiting'.

This update test gating status has been changed to 'ignored'.

Tested with the Silverblue toolbox. This update fixes the regressions in podman-1.3.1.

karma: +1

Passes most of docker-autotest; regression on issue #980

I do believe that the addition of %{_libexecdir/crio in 8ee8c09 is a mistake that should be reverted.

karma: +1

This update has been pushed to testing.

Tested these together:

containernetworking-plugins-0.7.5-1.fc30.x86_64
podman-2:1.4.0-1.fc30.x86_64

WFM, fixes the rootless container issues i've had with podman 1.3.1

karma: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Can't even install this since it has hit stable:

$ sudo dnf upgrade --advisory=FEDORA-2019-0937bbf558
 Problem 1: cannot install the best update candidate for package podman-2:1.3.1-1.git7210727.fc30.x86_64
  - nothing provides containernetworking-plugins >= 0.7.5-1 needed by podman-2:1.4.0-1.fc30.x86_64
 Problem 2: package podman-docker-2:1.4.0-1.fc30.noarch requires podman = 2:1.4.0-1.fc30, but none of the providers ca
n be installed
  - cannot install the best update candidate for package podman-docker-2:1.3.1-1.git7210727.fc30.noarch
  - nothing provides containernetworking-plugins >= 0.7.5-1 needed by podman-2:1.4.0-1.fc30.x86_64
======================================================================================================================
 Package                       Architecture           Version                           Repository               Size
======================================================================================================================
Skipping packages with broken dependencies:
 podman                        x86_64                 2:1.4.0-1.fc30                    updates                  11 M
 podman-docker                 noarch                 2:1.4.0-1.fc30                    updates                  46 k

Transaction Summary
======================================================================================================================
Skip  2 Packages
Nothing to do.
karma: -1
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
+2
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 6 days ago
in testing 5 days ago
in stable 4 days ago

Related Bugs 1

00 #1715668 CVE-2019-10152 podman: Improper symlink resolution allows access to host files when executing `podman cp` on running containers [fedora-all]

Automated Test Results