Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:0531

Опубликовано: 16 фев. 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API (CVE-2020-14370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
critx86_641.module+el8.7.0+1076+9b1c11c1crit-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
criux86_641.module+el8.7.0+1076+9b1c11c1criu-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
libslirpx86_641.module+el8.7.0+1076+9b1c11c1libslirp-4.3.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
libslirp-develx86_641.module+el8.7.0+1076+9b1c11c1libslirp-devel-4.3.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
python3-criux86_641.module+el8.7.0+1076+9b1c11c1python3-criu-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
python-podman-apinoarch0.2.gitd0a45fe.module+el8.5.0+770+e2f49861python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.5.0+770+e2f49861.noarch.rpm
slirp4netnsx86_641.module+el8.7.0+1076+9b1c11c1slirp4netns-1.1.8-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
udicanoarch1.module+el8.7.0+1076+9b1c11c1udica-0.2.4-1.module+el8.7.0+1076+9b1c11c1.noarch.rpm

Показывать по

Связанные CVE

CVE-2020-14370

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2020-14370

CVSS3: 5.3
ubuntu
больше 4 лет назад

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

redhat логотип

CVE-2020-14370

CVSS3: 5.3
redhat
больше 4 лет назад

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

nvd логотип

CVE-2020-14370

CVSS3: 5.3
nvd
больше 4 лет назад

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

debian логотип

CVE-2020-14370

CVSS3: 5.3
debian
больше 4 лет назад

An information disclosure vulnerability was found in containers/podman ...

suse-cvrf логотип

openSUSE-SU-2020:2063-1

suse-cvrf
больше 4 лет назад

Security update for podman