An update for podman is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1690 Final 1.0 1.0 2025-06-27 Initial 2025-06-27 2025-06-27 openEuler SA Tool V1.0 2025-06-27 podman security update An update for podman is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fix(es): When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.(CVE-2023-45290) Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.(CVE-2024-24783) An update for podman is now available for master/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP1/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium podman https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1690 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-45290 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 podman-docker-0.10.1-10.oe2003sp4.noarch.rpm python3-podman-0.10.1-10.oe2003sp4.noarch.rpm python3-pypodman-0.10.1-10.oe2003sp4.noarch.rpm podman-docker-3.4.4-8.oe2203sp3.noarch.rpm podman-help-3.4.4-8.oe2203sp3.noarch.rpm podman-docker-3.4.4-8.oe2203sp4.noarch.rpm podman-help-3.4.4-8.oe2203sp4.noarch.rpm podman-docker-4.9.4-14.oe2403.noarch.rpm podman-help-4.9.4-14.oe2403.noarch.rpm podman-docker-4.9.4-14.oe2403sp1.noarch.rpm podman-help-4.9.4-14.oe2403sp1.noarch.rpm podman-0.10.1-10.oe2003sp4.aarch64.rpm podman-debuginfo-0.10.1-10.oe2003sp4.aarch64.rpm podman-debugsource-0.10.1-10.oe2003sp4.aarch64.rpm podman-help-0.10.1-10.oe2003sp4.aarch64.rpm podman-3.4.4-8.oe2203sp3.aarch64.rpm podman-debuginfo-3.4.4-8.oe2203sp3.aarch64.rpm podman-debugsource-3.4.4-8.oe2203sp3.aarch64.rpm podman-gvproxy-3.4.4-8.oe2203sp3.aarch64.rpm podman-plugins-3.4.4-8.oe2203sp3.aarch64.rpm podman-remote-3.4.4-8.oe2203sp3.aarch64.rpm podman-3.4.4-8.oe2203sp4.aarch64.rpm podman-debuginfo-3.4.4-8.oe2203sp4.aarch64.rpm podman-debugsource-3.4.4-8.oe2203sp4.aarch64.rpm podman-gvproxy-3.4.4-8.oe2203sp4.aarch64.rpm podman-plugins-3.4.4-8.oe2203sp4.aarch64.rpm podman-remote-3.4.4-8.oe2203sp4.aarch64.rpm podman-4.9.4-14.oe2403.aarch64.rpm podman-debuginfo-4.9.4-14.oe2403.aarch64.rpm podman-debugsource-4.9.4-14.oe2403.aarch64.rpm podman-gvproxy-4.9.4-14.oe2403.aarch64.rpm podman-plugins-4.9.4-14.oe2403.aarch64.rpm podman-remote-4.9.4-14.oe2403.aarch64.rpm podman-tests-4.9.4-14.oe2403.aarch64.rpm podmansh-4.9.4-14.oe2403.aarch64.rpm podman-4.9.4-14.oe2403sp1.aarch64.rpm podman-debuginfo-4.9.4-14.oe2403sp1.aarch64.rpm podman-debugsource-4.9.4-14.oe2403sp1.aarch64.rpm podman-gvproxy-4.9.4-14.oe2403sp1.aarch64.rpm podman-plugins-4.9.4-14.oe2403sp1.aarch64.rpm podman-remote-4.9.4-14.oe2403sp1.aarch64.rpm podman-tests-4.9.4-14.oe2403sp1.aarch64.rpm podmansh-4.9.4-14.oe2403sp1.aarch64.rpm podman-0.10.1-10.oe2003sp4.src.rpm podman-3.4.4-8.oe2203sp3.src.rpm podman-3.4.4-8.oe2203sp4.src.rpm podman-4.9.4-14.oe2403.src.rpm podman-4.9.4-14.oe2403sp1.src.rpm podman-0.10.1-10.oe2003sp4.x86_64.rpm podman-debuginfo-0.10.1-10.oe2003sp4.x86_64.rpm podman-debugsource-0.10.1-10.oe2003sp4.x86_64.rpm podman-help-0.10.1-10.oe2003sp4.x86_64.rpm podman-3.4.4-8.oe2203sp3.x86_64.rpm podman-debuginfo-3.4.4-8.oe2203sp3.x86_64.rpm podman-debugsource-3.4.4-8.oe2203sp3.x86_64.rpm podman-gvproxy-3.4.4-8.oe2203sp3.x86_64.rpm podman-plugins-3.4.4-8.oe2203sp3.x86_64.rpm podman-remote-3.4.4-8.oe2203sp3.x86_64.rpm podman-3.4.4-8.oe2203sp4.x86_64.rpm podman-debuginfo-3.4.4-8.oe2203sp4.x86_64.rpm podman-debugsource-3.4.4-8.oe2203sp4.x86_64.rpm podman-gvproxy-3.4.4-8.oe2203sp4.x86_64.rpm podman-plugins-3.4.4-8.oe2203sp4.x86_64.rpm podman-remote-3.4.4-8.oe2203sp4.x86_64.rpm podman-4.9.4-14.oe2403.x86_64.rpm podman-debuginfo-4.9.4-14.oe2403.x86_64.rpm podman-debugsource-4.9.4-14.oe2403.x86_64.rpm podman-gvproxy-4.9.4-14.oe2403.x86_64.rpm podman-plugins-4.9.4-14.oe2403.x86_64.rpm podman-remote-4.9.4-14.oe2403.x86_64.rpm podman-tests-4.9.4-14.oe2403.x86_64.rpm podmansh-4.9.4-14.oe2403.x86_64.rpm podman-4.9.4-14.oe2403sp1.x86_64.rpm podman-debuginfo-4.9.4-14.oe2403sp1.x86_64.rpm podman-debugsource-4.9.4-14.oe2403sp1.x86_64.rpm podman-gvproxy-4.9.4-14.oe2403sp1.x86_64.rpm podman-plugins-4.9.4-14.oe2403sp1.x86_64.rpm podman-remote-4.9.4-14.oe2403sp1.x86_64.rpm podman-tests-4.9.4-14.oe2403sp1.x86_64.rpm podmansh-4.9.4-14.oe2403sp1.x86_64.rpm When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. 2025-06-27 CVE-2023-45290 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H podman security update 2025-06-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1690 Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. 2025-06-27 CVE-2024-24783 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N podman security update 2025-06-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1690