Recommended update for podman, slirp4netns

Announcement ID: SUSE-RU-2020:0821-1
Rating: moderate
References:
Affected Products:
  • Containers Module 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • SUSE Manager Proxy 4.0
  • SUSE Manager Retail Branch Server 4.0
  • SUSE Manager Server 4.0

An update that has one fix can now be installed.

Description:

This update for podman, slirp4netns fixes the following issues:

slirp4netns was updated to 0.4.4 (bsc#1167850):

  • libslirp: Update to v4.2.0:
  • New API function slirp_add_unix: add a forward rule to a Unix socket.
  • New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd
  • New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address
  • socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network
  • ncsi: fix checksum OOB memory access
  • tcp_emu(): fix OOB accesses
  • tftp: restrict relative path access
  • state: fix loading of guestfwd state

Update to 0.4.3:

  • api: raise an error if the socket path is too long
  • libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR
  • Fix create_sandbox error

Update to 0.4.2:

  • Do not propagate mounts to the parent ns in sandbox

Update to 0.4.1:

  • Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME)
  • Support specifying --userns-path
  • Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+)
  • Bring up loopback device when --configure is specified
  • Support sandboxing by creating a mount namespace (--enable-sandbox)
  • Support seccomp (--enable-seccomp)
  • Add new build dependencies libcap-devel and libseccomp-devel

Update to 0.3.3:

  • Fix use-after-free in libslirp

Update to 0.3.2:

  • Fix heap overflow in ip_reass on big packet input

Update to 0.3.1:

  • Fix use-after-free

Changes in podman:

  • Fixed dependency on slirp4netns. We need at least 0.4.0 now (bsc#1167850)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Containers Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-821=1

Package List:

  • Containers Module 15-SP1 (aarch64 ppc64le s390x x86_64)
    • slirp4netns-debuginfo-0.4.4-3.6.1
    • slirp4netns-debugsource-0.4.4-3.6.1
    • slirp4netns-0.4.4-3.6.1
    • podman-1.8.0-4.20.1
  • Containers Module 15-SP1 (noarch)
    • podman-cni-config-1.8.0-4.20.1

References: