rpm package
almalinux/podman
pkg:rpm/almalinux/podman
Vulnerabilities (101)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68121 | Cri | 10.0 | < 7:5.6.0-12.el10_1.alma.1 | 7:5.6.0-12.el10_1.alma.1 | Feb 5, 2026 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and | |
| CVE-2025-61728 | — | < 7:5.6.0-12.el10_1.alma.1 | 7:5.6.0-12.el10_1.alma.1 | Jan 28, 2026 | archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive. | ||
| CVE-2025-61726 | — | < 7:5.6.0-12.el10_1.alma.1 | 7:5.6.0-12.el10_1.alma.1 | Jan 28, 2026 | The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la | ||
| CVE-2025-65637 | — | < 4:4.9.4-28.module_el8.10.0+4120+03ad4b47 | 4:4.9.4-28.module_el8.10.0+4120+03ad4b47 | Dec 4, 2025 | A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is | ||
| CVE-2025-61729 | — | < 7:5.6.0-12.el10_1.alma.1 | 7:5.6.0-12.el10_1.alma.1 | Dec 2, 2025 | Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a | ||
| CVE-2025-47913 | — | < 6:5.6.0-11.el9_7 | 6:5.6.0-11.el9_7 | Nov 13, 2025 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. | ||
| CVE-2025-52881 | — | < 7:5.6.0-6.el10_1 | 7:5.6.0-6.el10_1 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have | ||
| CVE-2025-52565 | — | < 4:4.9.4-23.module_el8.10.0+4068+0e21408f | 4:4.9.4-23.module_el8.10.0+4068+0e21408f | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta | ||
| CVE-2025-31133 | — | < 4:4.9.4-23.module_el8.10.0+4068+0e21408f | 4:4.9.4-23.module_el8.10.0+4068+0e21408f | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container | ||
| CVE-2025-58183 | Med | 4.3 | < 7:5.6.0-8.el10_1 | 7:5.6.0-8.el10_1 | Oct 29, 2025 | tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r | |
| CVE-2025-9566 | Hig | 8.1 | < 5:5.4.0-13.el9_6 | 5:5.4.0-13.el9_6 | Sep 5, 2025 | There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only | |
| CVE-2025-47907 | — | < 6:5.6.0-6.el9_7 | 6:5.6.0-6.el9_7 | Aug 7, 2025 | Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex | ||
| CVE-2025-6032 | Hig | 8.3 | < 5:5.4.0-12.el9_6 | 5:5.4.0-12.el9_6 | Jun 24, 2025 | A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. | |
| CVE-2025-22871 | Cri | 9.1 | < 4:4.9.4-20.module_el8.10.0+3970+8445edf6 | 4:4.9.4-20.module_el8.10.0+3970+8445edf6 | Apr 8, 2025 | The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. | |
| CVE-2025-22869 | — | < 4:4.9.4-20.module_el8.10.0+3970+8445edf6 | 4:4.9.4-20.module_el8.10.0+3970+8445edf6 | Feb 26, 2025 | SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. | ||
| CVE-2025-27144 | Med | — | < 6:5.4.0-9.el10_0 | 6:5.4.0-9.el10_0 | Feb 24, 2025 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when par | |
| CVE-2024-11218 | Hig | 8.6 | < 4:5.2.2-13.el9_5 | 4:5.2.2-13.el9_5 | Jan 22, 2025 | A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and d | |
| CVE-2024-9676 | — | < 4:4.9.4-18.module_el8.10.0+3926+f12484f5 | 4:4.9.4-18.module_el8.10.0+3926+f12484f5 | Oct 15, 2024 | A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned | ||
| CVE-2024-9675 | — | < 4:4.9.4-15.module_el8.10.0+3909+6e1c1eb7 | 4:4.9.4-15.module_el8.10.0+3909+6e1c1eb7 | Oct 9, 2024 | A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as lo | ||
| CVE-2024-9407 | Med | 4.7 | < 4:4.9.4-15.module_el8.10.0+3909+6e1c1eb7 | 4:4.9.4-15.module_el8.10.0+3909+6e1c1eb7 | Oct 1, 2024 | A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensi |
- affected < 7:5.6.0-12.el10_1.alma.1fixed 7:5.6.0-12.el10_1.alma.1
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and
- CVE-2025-61728Jan 28, 2026affected < 7:5.6.0-12.el10_1.alma.1fixed 7:5.6.0-12.el10_1.alma.1
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
- CVE-2025-61726Jan 28, 2026affected < 7:5.6.0-12.el10_1.alma.1fixed 7:5.6.0-12.el10_1.alma.1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la
- CVE-2025-65637Dec 4, 2025affected < 4:4.9.4-28.module_el8.10.0+4120+03ad4b47fixed 4:4.9.4-28.module_el8.10.0+4120+03ad4b47
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is
- CVE-2025-61729Dec 2, 2025affected < 7:5.6.0-12.el10_1.alma.1fixed 7:5.6.0-12.el10_1.alma.1
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a
- CVE-2025-47913Nov 13, 2025affected < 6:5.6.0-11.el9_7fixed 6:5.6.0-11.el9_7
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
- CVE-2025-52881Nov 6, 2025affected < 7:5.6.0-6.el10_1fixed 7:5.6.0-6.el10_1
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have
- CVE-2025-52565Nov 6, 2025affected < 4:4.9.4-23.module_el8.10.0+4068+0e21408ffixed 4:4.9.4-23.module_el8.10.0+4068+0e21408f
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta
- CVE-2025-31133Nov 6, 2025affected < 4:4.9.4-23.module_el8.10.0+4068+0e21408ffixed 4:4.9.4-23.module_el8.10.0+4068+0e21408f
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container
- affected < 7:5.6.0-8.el10_1fixed 7:5.6.0-8.el10_1
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r
- affected < 5:5.4.0-13.el9_6fixed 5:5.4.0-13.el9_6
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only
- CVE-2025-47907Aug 7, 2025affected < 6:5.6.0-6.el9_7fixed 6:5.6.0-6.el9_7
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex
- affected < 5:5.4.0-12.el9_6fixed 5:5.4.0-12.el9_6
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
- affected < 4:4.9.4-20.module_el8.10.0+3970+8445edf6fixed 4:4.9.4-20.module_el8.10.0+3970+8445edf6
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
- CVE-2025-22869Feb 26, 2025affected < 4:4.9.4-20.module_el8.10.0+3970+8445edf6fixed 4:4.9.4-20.module_el8.10.0+3970+8445edf6
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
- affected < 6:5.4.0-9.el10_0fixed 6:5.4.0-9.el10_0
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when par
- affected < 4:5.2.2-13.el9_5fixed 4:5.2.2-13.el9_5
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and d
- CVE-2024-9676Oct 15, 2024affected < 4:4.9.4-18.module_el8.10.0+3926+f12484f5fixed 4:4.9.4-18.module_el8.10.0+3926+f12484f5
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned
- CVE-2024-9675Oct 9, 2024affected < 4:4.9.4-15.module_el8.10.0+3909+6e1c1eb7fixed 4:4.9.4-15.module_el8.10.0+3909+6e1c1eb7
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as lo
- affected < 4:4.9.4-15.module_el8.10.0+3909+6e1c1eb7fixed 4:4.9.4-15.module_el8.10.0+3909+6e1c1eb7
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensi
Page 1 of 6