Mageia 8: MGASA-2023-0213 Moderate: Buildah, Podman Info Flaws

mageia
July 7, 2023
Updated skopeo, buildah, and podman packages fix several vulnerabilities, improving the stability and security of Mageia.

Summary

- An information disclosure flaw was found in Buildah (CVE-2021-3602)

- podman: allows forwarding host ports to the VM from within the VM (CVE-2021-4024)

- containernetworking/cni: allows use of "../" separators to reference binaries such as 'reboot' in network configuration (CVE-2021-20206)

- github.com/containers/storage: ddos via crafted tar file (CVE-2021-20291)

- buildah: improper checking of X.509 certificate (CVE-2021-34558)

- buildah: improper Content-Type checking (CVE-2021-41190)

- podman: privilege escalation (CVE-2022-1227)

- podman: incorrect handling of the supplementary groups (CVE-2022-2989)

- buildah: incorrect handling of the supplementary groups (CVE-2022-2990)

- skopeo/podman: denial of service through unbounded cardinality, and potential memory exhaustion (CVE-2022-21698)

- buildah/podman: AddHostKey denial of service (CVE-2022-27191)

- podman: inheritable file capabilities (CVE-2022-27649)

- buildah: inheritable file capabilities (CVE-2022-27651)

References

- https://bugs.mageia.org/show_bug.cgi?id=28885

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/25LCWXTFK5CEUYRWF74Y4C7VIMWDH2OI/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F3ARUFZTP54XZ36JGEVCIBJZPX4LTF3G/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GWKDCFQ4EVHMJJ6V2EAABHSRZK34HUUT/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IKOQ2O3CAYO75ZV2PUCTL6G72K7JVGCT/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QKTJEKY2C35BIT22ZIPQZRQ4WY6ZW4W5/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XOKBC52ABMXFW242S6YAQLBUX3QPEDOR/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A4W4OXY44AKASYVR6NZPWKHHCVDI7LMX/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HRFGZZIO26CZN3P2K72PZABZKT5J4IUT/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OPCGIPJ4YWKRBYUO5NIO6H5RZROPWZVJ/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XNDJJ36ISNZQL6I3K25POE5HZZJYUEIV/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDWE3ABI6VTR2BO4UV3HXEUYUN5CKUES/

- https://bugzilla.redhat.com/show_bug.cgi?id=1969264

- https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZAB6D3CGIKTOPITATFKEJEJZRRFUNAAF/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WYEKQOCOMRYA54WFUPJNNBZD5CPNRGHX/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4ZGUZD4KLTFHCQDYKB64PUVEWIB3YTL2/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LALQQUUGFHODEBITRRY26YKZFR2FQN5X/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/75MV35CPCW3Q5MAQR6OGEJEYVVEZ2MXI/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CAYDF5STQQ2MWYFKJISEVKKCDRW6K3MP/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IA7RFWWF2TAD6ABTSEOCANQQEGMSU4YP/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2VWH6X6HOFPO6HTESF42HIJZEPXSWVIO/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/

- https://lists.suse.com/pipermail/sle-security-updates/2022-October/012775.html

- https://access.redhat.com/errata/RHSA-2022:7822

- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013557.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HX2XHVJTED7LYWP3LLJ3FTJMPQ4KYG44/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I5RR5DUZHU2FFOE3EKYH6T74SA43EB4T/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/

- https://www.cve.org/CVERecord?id=CVE-2021-3602

- https://www.cve.org/CVERecord?id=CVE-2021-4024

- https://www.cve.org/CVERecord?id=CVE-2021-20206

- https://www.cve.org/CVERecord?id=CVE-2021-20291

- https://www.cve.org/CVERecord?id=CVE-2021-34558

- https://www.cve.org/CVERecord?id=CVE-2021-41190

- https://www.cve.org/CVERecord?id=CVE-2022-1227

- https://www.cve.org/CVERecord?id=CVE-2022-2989

- https://www.cve.org/CVERecord?id=CVE-2022-2990

- https://www.cve.org/CVERecord?id=CVE-2022-21698

- https://www.cve.org/CVERecord?id=CVE-2022-27191

- https://www.cve.org/CVERecord?id=CVE-2022-27649

- https://www.cve.org/CVERecord?id=CVE-2022-27651

Resolution

SRPMS

- 8/core/skopeo-1.12.0-2.mga8

- 8/core/conmon-2.1.5-1.mga8

- 8/core/buildah-1.30.0-1.mga8

- 8/core/podman-4.5.1-1.mga8

Publication date: 07 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0213.html
Type: security
CVE: CVE-2021-3602, CVE-2021-4024, CVE-2021-20206, CVE-2021-20291, CVE-2021-34558, CVE-2021-41190, CVE-2022-1227, CVE-2022-2989, CVE-2022-2990, CVE-2022-21698, CVE-2022-27191, CVE-2022-27649, CVE-2022-27651
