openSUSE Recommended Update: Recommended update for podman, slirp4netns ______________________________________________________________________________ Announcement ID: openSUSE-RU-2020:0456-1 Rating: moderate References: #1167850 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for podman, slirp4netns fixes the following issues: slirp4netns was updated to 0.4.4 (bsc#1167850): * libslirp: Update to v4.2.0: * New API function slirp_add_unix: add a forward rule to a Unix socket. * New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd * New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address * socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network * ncsi: fix checksum OOB memory access * tcp_emu(): fix OOB accesses * tftp: restrict relative path access * state: fix loading of guestfwd state Update to 0.4.3: * api: raise an error if the socket path is too long * libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR * Fix create_sandbox error Update to 0.4.2: * Do not propagate mounts to the parent ns in sandbox Update to 0.4.1: * Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME) * Support specifying --userns-path * Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+) * Bring up loopback device when --configure is specified * Support sandboxing by creating a mount namespace (--enable-sandbox) * Support seccomp (--enable-seccomp) - Add new build dependencies libcap-devel and libseccomp-devel Update to 0.3.3: * Fix use-after-free in libslirp Update to 0.3.2: * Fix heap overflow in `ip_reass` on big packet input Update to 0.3.1: * Fix use-after-free Changes in podman: - Fixed dependency on slirp4netns. We need at least 0.4.0 now (bsc#1167850) This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-456=1 Package List: - openSUSE Leap 15.1 (x86_64): podman-1.8.0-lp151.3.13.1 slirp4netns-0.4.4-lp151.2.6.1 slirp4netns-debuginfo-0.4.4-lp151.2.6.1 slirp4netns-debugsource-0.4.4-lp151.2.6.1 - openSUSE Leap 15.1 (noarch): podman-cni-config-1.8.0-lp151.3.13.1 References: https://bugzilla.suse.com/1167850