MGASA-2023-0213

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0213.html

Import Source

https://advisories.mageia.org/MGASA-2023-0213.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2023-0213

Related

Published

2023-07-07T05:54:45Z

Modified

2023-07-07T04:37:25Z

Summary

Updated skopeo/buildah/podman packages fix security vulnerability

Details

Information disclosure flaw was found in Buildah (CVE-2021-3602) podman allows forwarding hosts ports to vm from within vm (CVE-2021-4024) Allows use "../" separators in containernetworking/cni to reference binaries such as 'reboot' in network configuration (CVE-2021-20206) github.com/containers/storage ddos via crafted tar file (CVE-2021-20291) buildah improper checking of X.509 certificate (CVE-2021-34558) buildah improper Content-Type checking (CVE-2021-41190) podman privilege escalation (CVE-2022-1227) podman incorrect handling of the supplementary groups (CVE-2022-2989) buildah incorrect handling of the supplementary groups (CVE-2022-2990) skopeo/podman Denial of Service through unbounded cardinality, and potential memory exhaustion (CVE-2022-21698) buildah/podman AddHostKey denail of service (CVE-2022-27191) podman inheritable file capabilities (CVE-2022-27649) buildah inheritable file capabilities (CVE-2022-27651)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / skopeo

Package

Name: skopeo
Purl: pkg:rpm/mageia/skopeo?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.0-2.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / conmon

Package

Name: conmon
Purl: pkg:rpm/mageia/conmon?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.5-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / buildah

Package

Name: buildah
Purl: pkg:rpm/mageia/buildah?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.30.0-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / podman

Package

Name: podman
Purl: pkg:rpm/mageia/podman?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1-1.mga8

Ecosystem specific

{
    "section": "core"
}