All errata/sisyphus/ALT-PU-2024-13755-2
ALT-PU-2024-13755-2

Package update podman in branch sisyphus

Version5.2.4-alt1
Task#359289
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (6)

BDU:2024-09460
MEDIUM4.7

Уязвимость программного средства управления и запуска OCI-контейнеров Podman, связанная с неправильной проверкой входных данных, позволяющая нарушителю получить доступ к конфиденциальной информации

Published: 2024-11-14Modified: 2026-03-04
CVSS 3.xMEDIUM 4.7
CVSS:3.x/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
CVSS 2.0MEDIUM 4.4
CVSS:2.0/AV:L/AC:H/Au:M/C:C/I:P/A:N
References
BDU:2024-09461
MEDIUM5.4

Уязвимость библиотеки containers-common языка программирования Golang, связанная с неправильным разрешением ссылки перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальной информации

Published: 2024-11-14Modified: 2026-03-04
CVSS 3.xMEDIUM 5.4
CVSS:3.x/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
CVSS 2.0MEDIUM 5.6
CVSS:2.0/AV:N/AC:H/Au:S/C:C/I:P/A:N
References
CVE-2024-9341
HIGH8.2

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

Published: 2024-10-01Modified: 2024-12-11
CVSS 3.xHIGH 8.2
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
References
CVE-2024-9407
MEDIUM4.7

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

Published: 2024-10-01Modified: 2026-04-15
CVSS 3.xMEDIUM 4.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
References
GHSA-fhqq-8f65-5xfc
MEDIUM5.9

Improper Input Validation in Buildah and Podman

Published: 2024-10-02Modified: 2024-12-20
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
CVSS 4.0MEDIUM 5.9
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
References
GHSA-mc76-5925-c5p6
MEDIUM5.8

Link Following in github.com/containers/common

Published: 2024-10-02Modified: 2024-12-11
CVSS 3.xMEDIUM 5.8
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
CVSS 4.0MEDIUM 5.8
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
References