[CLSA-2026:1782985538] podman: Fix of CVE-2026-55686
Type:
security
Severity:
Low
Release date:
2026-07-02 09:45:55 UTC
Description:
- CVE-2026-55686: replace the fragile isWorkDirSymlink symlink-chain walking in resolveWorkDir() with securejoin.SecureJoin(), scoping workdir resolution to the container mountpoint and letting the OCI runtime handle remaining symlink errors
CVEs fixed:
Updated packages:
  • podman-4.4.1-13.el9_2.tuxcare.els13.x86_64.rpm
    sha:b7a0be0134c233b5e0c528f50348361a2d0d9d2ca498a718c90fd3a48663c90a
  • podman-docker-4.4.1-13.el9_2.tuxcare.els13.noarch.rpm
    sha:2e1e323f789c2c98120fabf0ab9e2cb92a8da9c899ab6487f4350d8f122f582f
  • podman-gvproxy-4.4.1-13.el9_2.tuxcare.els13.x86_64.rpm
    sha:e1b5ce2533ca8e3a3af8b18239a6a26e5e3106804f97d9849a9368c375479f61
  • podman-plugins-4.4.1-13.el9_2.tuxcare.els13.x86_64.rpm
    sha:594d325360542d4d61747098359099aef33bdb67604713effd91fb1cb8387517
  • podman-remote-4.4.1-13.el9_2.tuxcare.els13.x86_64.rpm
    sha:7fd2252d854915c147bb51f759ae639671d9f10a75957d627634927fafd44d0f
  • podman-tests-4.4.1-13.el9_2.tuxcare.els13.x86_64.rpm
    sha:0489b35693f43c35cf1dfc8e0cfb6251d7249beae067673fe95c39f5f864dca5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.