The podman packages version podman-1.6.4-32.el7_9, as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 (https://access.redhat.com/errata/RHSA-2022:2190), included an incorrect version of podman that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2020-8945, which was previously corrected in the podman packages in Red Hat Enterprise Linux 7 Extras via RHSA-2020:2117 (https://access.redhat.com/errata/RHSA-2020:2117).

CVE-2022-2738 was assigned to this security regression, and it is specific to the podman packages produced by Red Hat.

The original issue - CVE-2020-8945 - could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.

For more details about the original issue, see:

https://access.redhat.com/security/cve/CVE-2020-8945
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8945
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2022:6119 https://access.redhat.com/errata/RHSA-2022:6119
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2738