Description
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| podman | fixed | 5.3.2+ds1-1 | | package |
| libpod | removed | | | package |
| libpod | no-dsa | | bookworm | package |
| libpod | postponed | | bullseye | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=2367235
Fixed in podman by bumping/tightening the dependency on buildah up to the
version fixing CVE-2024-11218 and CVE-2024-9675. This is tricky to track
properly as we need to bump the dependency and rebuild to address the issue.
Details in: https://bugs.debian.org/1117966#22
Related vulnerabilities
Podman Creates Temporary File with Insecure Permissions