Описание
Security update for podman
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677).
Список пакетов
SUSE Enterprise Storage 7.1
podman-4.4.4-150300.9.26.2
podman-cni-config-4.4.4-150300.9.26.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
podman-4.4.4-150300.9.26.2
podman-cni-config-4.4.4-150300.9.26.2
SUSE Linux Enterprise Micro 5.1
podman-4.4.4-150300.9.26.2
podman-cni-config-4.4.4-150300.9.26.2
SUSE Linux Enterprise Micro 5.2
podman-4.4.4-150300.9.26.2
podman-cni-config-4.4.4-150300.9.26.2
SUSE Linux Enterprise Server 15 SP3-LTSS
podman-4.4.4-150300.9.26.2
podman-cni-config-4.4.4-150300.9.26.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
podman-4.4.4-150300.9.26.2
podman-cni-config-4.4.4-150300.9.26.2
Ссылки
- Link for SUSE-SU-2024:1059-1
- E-Mail link for SUSE-SU-2024:1059-1
- SUSE Security Ratings
- SUSE Bug 1221677
- SUSE CVE CVE-2024-1753 page
Описание
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Затронутые продукты
SUSE Enterprise Storage 7.1:podman-4.4.4-150300.9.26.2
SUSE Enterprise Storage 7.1:podman-cni-config-4.4.4-150300.9.26.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.4.4-150300.9.26.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.4.4-150300.9.26.2
Ссылки
- CVE-2024-1753
- SUSE Bug 1221677