{"affected":[{"ecosystem_specific":{"binaries":[{"podman":"4.9.5-2.1","podman-docker":"4.9.5-2.1","podman-remote":"4.9.5-2.1","podmansh":"4.9.5-2.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"podman","purl":"pkg:rpm/suse/podman&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9.5-2.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for podman fixes the following issues:\n\n- CVE-2024-9676: Fixed a denial of service via a symlink traversal in the containers/storage library (bsc#1231698)\n- CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)\n- CVE-2024-9675: Fixed caching of arbitrary directory mount (bsc#1231499)\n- CVE-2024-9407: Fixed improper input validation in bind-propagation option of Dockerfile RUN --mount instruction (bsc#1231208)\n","id":"SUSE-SU-2025:20080-1","modified":"2025-02-03T09:06:00Z","published":"2025-02-03T09:06:00Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520080-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231208"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231230"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231499"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231698"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-9341"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-9407"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-9675"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-9676"}],"related":["CVE-2024-6104","CVE-2024-9341","CVE-2024-9407","CVE-2024-9675","CVE-2024-9676"],"summary":"Security update for podman","upstream":["CVE-2024-6104","CVE-2024-9341","CVE-2024-9407","CVE-2024-9675","CVE-2024-9676"]}