The podman packages version podman-1.6.4-32.el7_9 as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 (https://access.redhat.com/errata/RHSA-2022:2190) included an incorrect version of podman that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2020-14370, that was previously corrected in the podman packages in Red Hat Enterprise Linux 7 Extras via RHSA-2020:5056 (https://access.redhat.com/errata/RHSA-2020:5056). The CVE-2022-2739 was assigned to this security regression and it is specific to the podman packages produced by Red Hat. The original issue - CVE-2020-14370 - could possibly allow an attacker to gain access to sensitive information stored in environment variables. For more details about the original issue, see: https://access.redhat.com/security/cve/CVE-2020-14370 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14370
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2022:6119 https://access.redhat.com/errata/RHSA-2022:6119
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2739