The following key information about the vulnerabilities can be obtained from this webpage screenshot:

1. Vulnerability ID: RHSA-2024:9051
2. Release date: November 11, 2024
3. Updated date: November 11, 2024
4. Type/Severity: Security Advisory, Important
5. Topic: podman security update
6. Description:
   - The podman tool manages containers and container images.
   - podman is part of the libpod library, which is for applications that use container pods.
   - The podman tool has several security vulnerabilities, including:
     - Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)
     - buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)
     - Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)
7. Affected products:
   - Red Hat Enterprise Linux for x86_64 9 x86_64
   - Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
   - Red Hat Enterprise Linux Server - AUS 9.4 x86_64
   - Red Hat Enterprise Linux for IBM z Systems 9 s390x
   - Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
   - Red Hat Enterprise Linux for Power, little endian 9 ppc64le
   - Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
   - Red Hat Enterprise Linux for ARM 64 9 aarch64
   - Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
   - Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
   - Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
   - Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
   - Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
8. Fixes:
   - BZ - 2315887 - CVE-2024-9407 Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction
   - BZ - 2317458 - CVE-2024-9675 buildah: Buildah allows arbitrary directory mount
   - BZ - 2317467 - CVE-2024-9676 Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)
9. CVEs:
   - CVE-2024-9407
   - CVE-2024-9675
   - CVE-2024-9676
10. Contact information:
    - Red Hat security contact: secalert@redhat.com
    - More contact details: https://access.redhat.com/security/team/contact/