Description
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
podman | fixed | 5.4.2+ds1-2 | | package |
libpod | removed | | | package |
libpod | not-affected | | bookworm | package |
libpod | not-affected | | bullseye | package |
Notes
https://github.com/advisories/GHSA-65gg-3w2w-hr4h
Fixed by: https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3 (main)
Fixed by: https://github.com/containers/podman/commit/1569c209829530b1f42e8c2fce851de8003ab3fe (v5.5.2)
Related vulnerabilities
Podman Improper Certificate Validation; machine missing TLS verification
ELSA-2025-10551: container-tools:rhel8 security update (IMPORTANT)