Recommended update for podman, slirp4netns
SUSE Recommended Update: Recommended update for podman, slirp4netnsAnnouncement ID: | SUSE-RU-2020:0821-1 |
Rating: | moderate |
References: | #1167850 |
Affected Products: |
|
An update that has one recommended fix can now be installed.
Description:
This update for podman, slirp4netns fixes the following issues:
slirp4netns was updated to 0.4.4 (bsc#1167850):
- libslirp: Update to v4.2.0: * New API function slirp_add_unix: add a forward rule to a Unix socket. * New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd * New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address * socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network * ncsi: fix checksum OOB memory access * tcp_emu(): fix OOB accesses * tftp: restrict relative path access * state: fix loading of guestfwd state
Update to 0.4.3:
- api: raise an error if the socket path is too long
- libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR
- Fix create_sandbox error
Update to 0.4.2:
- Do not propagate mounts to the parent ns in sandbox
Update to 0.4.1:
- Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME)
- Support specifying --userns-path
- Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+)
- Bring up loopback device when --configure is specified
- Support sandboxing by creating a mount namespace (--enable-sandbox)
- Support seccomp (--enable-seccomp)
- Add new build dependencies libcap-devel and libseccomp-devel
Update to 0.3.3:
- Fix use-after-free in libslirp
Update to 0.3.2:
- Fix heap overflow in `ip_reass` on big packet input
Update to 0.3.1:
- Fix use-after-free
Changes in podman:
- Fixed dependency on slirp4netns. We need at least 0.4.0 now (bsc#1167850)
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Containers 15-SP1:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-821=1
Package List:
- SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64):
- podman-1.8.0-4.20.1
- slirp4netns-0.4.4-3.6.1
- slirp4netns-debuginfo-0.4.4-3.6.1
- slirp4netns-debugsource-0.4.4-3.6.1
- SUSE Linux Enterprise Module for Containers 15-SP1 (noarch):
- podman-cni-config-1.8.0-4.20.1