rpm package
almalinux/podman
pkg:rpm/almalinux/podman
Vulnerabilities (106)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-20291 | Med | 6.5 | < 2:4.2.0-3.el9 | 2:4.2.0-3.el9 | Apr 1, 2021 | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation wh | |
| CVE-2021-20188 | Hig | 7.0 | < 1.0.0-8.git921f98f.module_el8.3.0+2044+12421f43 | 1.0.0-8.git921f98f.module_el8.3.0+2044+12421f43 | Feb 11, 2021 | A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root use | |
| CVE-2021-20199 | Med | 5.9 | < 2:4.2.0-3.el9 | 2:4.2.0-3.el9 | Feb 2, 2021 | Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma | |
| CVE-2020-28852 | Hig | 7.5 | < 2:4.2.0-3.el9 | 2:4.2.0-3.el9 | Jan 2, 2021 | In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | |
| CVE-2020-28851 | Hig | 7.5 | < 2:4.2.0-3.el9 | 2:4.2.0-3.el9 | Jan 2, 2021 | In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | |
| CVE-2019-19921 | Hig | 7.0 | < 2:4.0.2-24.module_el8.9.0+3627+db8ec155 | 2:4.0.2-24.module_el8.9.0+3627+db8ec155 | Feb 12, 2020 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul |
- affected < 2:4.2.0-3.el9fixed 2:4.2.0-3.el9
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation wh
- affected < 1.0.0-8.git921f98f.module_el8.3.0+2044+12421f43fixed 1.0.0-8.git921f98f.module_el8.3.0+2044+12421f43
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root use
- affected < 2:4.2.0-3.el9fixed 2:4.2.0-3.el9
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma
- affected < 2:4.2.0-3.el9fixed 2:4.2.0-3.el9
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
- affected < 2:4.2.0-3.el9fixed 2:4.2.0-3.el9
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
- affected < 2:4.0.2-24.module_el8.9.0+3627+db8ec155fixed 2:4.0.2-24.module_el8.9.0+3627+db8ec155
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul
Page 6 of 6