Fedora Linux 8643 Published by

A podman-tui security update has been released for Fedora 39.



[SECURITY] Fedora 39 Update: podman-tui-0.12.0-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-327346caa5
2023-11-20 01:20:25.058000
--------------------------------------------------------------------------------

Name : podman-tui
Product : Fedora 39
Version : 0.12.0
Release : 1.fc39
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :

podman-tui is a terminal user interface for Podman v4.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.

--------------------------------------------------------------------------------
Update Information:

podman-tui v0.12.0 + security fix for CVE-2023-39325 and CVE-2022-41717 and
CVE-2022-41723
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 11 2023 Navid Yaghoobi [navidys@fedoraproject.org] - 0.12.0-1
- release v0.12.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2163285 - CVE-2022-41717 podman-tui: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2163285
[ 2 ] Bug #2174538 - podman-tui: containerd: Supplementary groups are not set up properly [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2174538
[ 3 ] Bug #2178479 - CVE-2022-41723 podman-tui: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2178479
[ 4 ] Bug #2248400 - podman-tui: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2248400
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-327346caa5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--