Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update: podman, containers-storage #1575

Open
dongsupark opened this issue Nov 1, 2024 · 0 comments
Open

update: podman, containers-storage #1575

dongsupark opened this issue Nov 1, 2024 · 0 comments
Labels
advisory security advisory cvss/MEDIUM >= 4 && < 7 assessed CVSS security security concerns

Comments

@dongsupark
Copy link
Member

Name: podman, containers-storage
CVEs: CVE-2024-9676
CVSSs: 6.5
Action Needed: update to podman >= 5.2.5, containers-storage >= 1.55.1

Summary: A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (--userns=auto in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

refmap.gentoo:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
advisory security advisory cvss/MEDIUM >= 4 && < 7 assessed CVSS security security concerns
Projects
Development

No branches or pull requests

1 participant