rpm package
suse/podman&distro=SUSE Linux Micro 6.1
pkg:rpm/suse/podman&distro=SUSE%20Linux%20Micro%206.1
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9566 | High | 8.1 | | < 5.4.2-slfo.1.1_2.1 | 5.4.2-slfo.1.1_2.1 | Sep 5, 2025 | There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only |
| CVE-2025-6032 | High | 8.3 | | < 5.4.2-slfo.1.1_1.1 | 5.4.2-slfo.1.1_1.1 | Jun 24, 2025 | A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. |
| CVE-2025-22869 | | — | | < 5.2.5-slfo.1.1_1.1 | 5.2.5-slfo.1.1_1.1 | Feb 26, 2025 | SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. |
| CVE-2025-27144 | Medium | — | | < 5.2.5-slfo.1.1_1.1 | 5.2.5-slfo.1.1_1.1 | Feb 24, 2025 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when par |
| CVE-2024-11218 | High | 8.6 | | < 5.2.5-slfo.1.1_1.1 | 5.2.5-slfo.1.1_1.1 | Jan 22, 2025 | A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and d |
| CVE-2024-9407 | Medium | 4.7 | | < 5.2.5-slfo.1.1_1.1 | 5.2.5-slfo.1.1_1.1 | Oct 1, 2024 | A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensi |
| CVE-2024-3727 | High | 8.3 | | < 5.2.5-slfo.1.1_1.1 | 5.2.5-slfo.1.1_1.1 | May 14, 2024 | A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. |
| CVE-2023-45288 | High | 7.5 | | < 5.2.5-slfo.1.1_1.1 | 5.2.5-slfo.1.1_1.1 | Apr 4, 2024 | An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma |
| CVE-2024-1753 | High | 8.6 | | < 5.2.5-slfo.1.1_1.1 | 5.2.5-slfo.1.1_1.1 | Mar 18, 2024 | A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause t |