Recommended update for podman, slirp4netns

SUSE Recommended Update: Recommended update for podman, slirp4netns
Announcement ID: SUSE-RU-2020:0821-1
Rating: moderate
References: #1167850
Affected Products:
  • SUSE Linux Enterprise Module for Containers 15-SP1

An update that has one recommended fix can now be installed.


This update for podman, slirp4netns fixes the following issues:
slirp4netns was updated to 0.4.4 (bsc#1167850):

  • libslirp: Update to v4.2.0: * New API function slirp_add_unix: add a forward rule to a Unix socket. * New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd * New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address * socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network * ncsi: fix checksum OOB memory access * tcp_emu(): fix OOB accesses * tftp: restrict relative path access * state: fix loading of guestfwd state

Update to 0.4.3:
  • api: raise an error if the socket path is too long
  • libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR
  • Fix create_sandbox error

Update to 0.4.2:
  • Do not propagate mounts to the parent ns in sandbox

Update to 0.4.1:
  • Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME)
  • Support specifying --userns-path
  • Vendor (QEMU v4.1+)
  • Bring up loopback device when --configure is specified
  • Support sandboxing by creating a mount namespace (--enable-sandbox)
  • Support seccomp (--enable-seccomp)
  • Add new build dependencies libcap-devel and libseccomp-devel

Update to 0.3.3:
  • Fix use-after-free in libslirp

Update to 0.3.2:
  • Fix heap overflow in `ip_reass` on big packet input

Update to 0.3.1:
  • Fix use-after-free

Changes in podman:
  • Fixed dependency on slirp4netns. We need at least 0.4.0 now (bsc#1167850)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Containers 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-821=1

Package List:

  • SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64):
    • podman-1.8.0-4.20.1
    • slirp4netns-0.4.4-3.6.1
    • slirp4netns-debuginfo-0.4.4-3.6.1
    • slirp4netns-debugsource-0.4.4-3.6.1
  • SUSE Linux Enterprise Module for Containers 15-SP1 (noarch):
    • podman-cni-config-1.8.0-4.20.1