The following key information about the vulnerability can be obtained from this web page screenshot:

1. Vulnerability ID: RHSA-2024:9454
2. Release date: November 12, 2024
3. Updated: November 12, 2024
4. Type/Severity: Security Advisory, Important
5. Topic: podman security update
6. Description:
   - The podman tool manages pods, container images, and containers.
   - podman is part of the libpod library, which is for applications that use container pods.
   - podman is a concept in Kubernetes.
7. Security fixes:
   - go/parser: golang: Calling a Parse function containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
   - encoding/gob: golang: Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
   - go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)
   - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341)
   - Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)
   - buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)
   - Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)
8. Affected products:
   - Red Hat Enterprise Linux for x86_64 9 x86_64
   - Red Hat Enterprise Linux for IBM z Systems 9 s390x
   - Red Hat Enterprise Linux for Power, little endian 9 ppc64le
   - Red Hat Enterprise Linux for ARM 64 9 aarch64
9. Fixes:
   - BZ-2310527 - CVE-2024-34155 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
   - BZ-2310528 - CVE-2024-34156 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
   - BZ-2310529 - CVE-2024-34158 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
   - BZ-2315691 - CVE-2024-9341 Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
   - BZ-2315887 - CVE-2024-9407 Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction
   - BZ-2317458 - CVE-2024-9675 buildah: Buildah allows arbitrary directory mount
   - BZ-2317467 - CVE-2024-9676 Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)
   - RHEL-61249 - podman gating: test CNI
   - RHEL-60263 - [podman] can't upgrade podman-4.9.4-10.el9_4 to podman-5.2.2-3.el9_5
10. CVEs:
    - CVE-2024-9341
    - CVE-2024-9407
    - CVE-2024-9675
    - CVE-2024-9676
    - CVE-2024-34155
    - CVE-2024-34156
    - CVE-2024-34158

This information provides a detailed description of the podman security update, including the known vulnerabilities, affected products, fixes, and related CVE numbers.