RHSA-2022:8431: Red Hat Security Advisory: podman security, bug fix, and enhancement update
An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2989: podman: possible information disclosure and modification
- CVE-2022-2990: buildah: possible information disclosure and modification
Issued: 2022-11-15
Updated: 2022-11-15
RHSA-2022:8431 - Security Advisory
Synopsis
Low: podman security, bug fix, and enhancement update
Type/Severity
Security Advisory: Low
Topic
An update for podman is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.
Security Fix(es):
- podman: possible information disclosure and modification (CVE-2022-2989)
- buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2120436)
- dnf-update broken for podman/catatonit (BZ#2123319)
- podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2123905)
- podman kill may deadlock [RHEL 9.1] (BZ#2124716)
- containers config.json gets empty after sudden power loss (BZ#2136278)
- PANIC podman API service endpoint handler panic (BZ#2136287)
Enhancement(s):
- Podman volume plugin timeout should be configurable [rhel-9.1.0 Z] (BZ#2124676)
- [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2136281)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2120436 - (podman image trust) does not support the new trust type "sigstoreSigned "
- BZ - 2121445 - CVE-2022-2989 podman: possible information disclosure and modification
- BZ - 2121453 - CVE-2022-2990 buildah: possible information disclosure and modification
- BZ - 2123319 - dnf-update broken for podman/catatonit
- BZ - 2123905 - podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/
- BZ - 2124676 - Podman volume plugin timeout should be configurable [rhel-9.1.0 Z]
- BZ - 2124716 - podman kill may deadlock [RHEL 9.1]
- BZ - 2136278 - containers config.json gets empty after sudden power loss [rhel-9.1.0.z]
- BZ - 2136281 - [RFE]Podman support to perform custom actions on unhealthy containers [rhel-9.1.0.z]
- BZ - 2136287 - PANIC podman API service endpoint handler panic [rhel-9.1.0.z]
References
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux 9 for x86_64, IBM z Systems (s390x), Power, little endian (ppc64le) and ARM 64 (aarch64)
SRPM
- podman-4.2.0-7.el9_1.src.rpm
Binary packages, each at version 4.2.0-7.el9_1 for every architecture above (podman-docker is noarch)
- podman
- podman-catatonit
- podman-catatonit-debuginfo
- podman-debuginfo
- podman-debugsource
- podman-docker
- podman-gvproxy
- podman-gvproxy-debuginfo
- podman-plugins
- podman-plugins-debuginfo
- podman-remote
- podman-remote-debuginfo
- podman-tests
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
CVE-2022-2990: Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.
CVE-2022-2989: Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.