Advisories » MGASA-2023-0213

Updated skopeo/buildah/podman packages fix security vulnerability

Publication date: 07 Jul 2023
Modification date: 07 Jul 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3602, CVE-2021-4024, CVE-2021-20206, CVE-2021-20291, CVE-2021-34558, CVE-2021-41190, CVE-2022-1227, CVE-2022-2989, CVE-2022-2990, CVE-2022-21698, CVE-2022-27191, CVE-2022-27649, CVE-2022-27651

Description

An information disclosure flaw was found in Buildah (CVE-2021-3602)
podman allows forwarding host ports to the VM from within the VM (CVE-2021-4024)
containernetworking/cni allows the use of "../" separators to reference
binaries such as 'reboot' in network configuration (CVE-2021-20206)
github.com/containers/storage DDoS via crafted tar file (CVE-2021-20291)
buildah improper checking of X.509 certificate (CVE-2021-34558)
buildah improper Content-Type checking (CVE-2021-41190)
podman privilege escalation (CVE-2022-1227)
podman incorrect handling of the supplementary groups (CVE-2022-2989)
buildah incorrect handling of the supplementary groups (CVE-2022-2990)
skopeo/podman denial of service through unbounded cardinality, and
potential memory exhaustion (CVE-2022-21698)
buildah/podman AddHostKey denial of service (CVE-2022-27191)
podman inheritable file capabilities (CVE-2022-27649)
buildah inheritable file capabilities (CVE-2022-27651)

References

SRPMS

8/core