vanimi
Cadet
Cadet
  • 203 Views

Vulnerabilities in podman dependency

We are building an image based on UBI 8.5. In the Dockerfile, we install the podman package which in turn installs its dependencies. One of the dependencies slirp4netns has a vulnerable version (CVE-2022-27649,CVE-2022-27651) in the ubi-8-appstream repo, but has an updated version in the rhel-8-for-x86_64-appstream-rpms repo. How can we upgrade the slirp4netns package from the rhel8 appstream repo? We tried calling dnf update/upgrade and yum update, but they did not update the package.

Labels (1)
0 Kudos
0 Replies
Join the discussion
You must log in to join this conversation.