Summary: | <app-containers/podman-4.3.0: incorrect handling of supplementary groups | |
---|---|---|---
Product: | Gentoo Security | Reporter: | John Helmert III <ajak>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | IN_PROGRESS --- | |
Severity: | minor | CC: | zmedico
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ | |
Whiteboard: | B4 [glsa?] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 889960 | |
Bug Blocks: | | |
Description
John Helmert III
2022-09-17 17:59:19 UTC
(In reply to John Helmert III from comment #0)
> CVE-2022-2989:
>
> An incorrect handling of the supplementary groups in the Podman container
> engine might lead to the sensitive information disclosure or possible data
> modification if an attacker has direct access to the affected container
> where supplementary groups are used to set access permissions and is able to
> execute a binary code in that container.
>
> The RedHat bug has no reference to upstream:
> https://bugzilla.redhat.com/show_bug.cgi?id=2121445

Now there is! Unreleased patch is:
https://github.com/containers/podman/commit/5c7f28336171f0a5137edd274e45608120d31289

(In reply to John Helmert III from comment #1)
> (In reply to John Helmert III from comment #0)
> > CVE-2022-2989:
> >
> > An incorrect handling of the supplementary groups in the Podman container
> > engine might lead to the sensitive information disclosure or possible data
> > modification if an attacker has direct access to the affected container
> > where supplementary groups are used to set access permissions and is able to
> > execute a binary code in that container.
> >
> > The RedHat bug has no reference to upstream:
> > https://bugzilla.redhat.com/show_bug.cgi?id=2121445
>
> Now there is! Unreleased patch is:
> https://github.com/containers/podman/commit/
> 5c7f28336171f0a5137edd274e45608120d31289

In v4.3.0-rc1

And now in 4.3.0. Please bump.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e114cc38eb7cb4d434e366d6fff10281b483827

commit 6e114cc38eb7cb4d434e366d6fff10281b483827
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-10-20 00:02:49 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-10-20 00:02:57 +0000

    app-containers/podman: add 4.3.0

    Bug: https://bugs.gentoo.org/870931
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/podman/Manifest            |   1 +
 app-containers/podman/podman-4.3.0.ebuild | 165 ++++++++++++++++++++++++++++++
 2 files changed, 166 insertions(+)

Thank you! Please stabilize when ready.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4ed032cdd4aff2e5e517f0f380d2587fc53e81a

commit c4ed032cdd4aff2e5e517f0f380d2587fc53e81a
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2023-01-06 22:33:27 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2023-01-06 22:33:46 +0000

    app-containers/podman: drop 4.1.0-r1, 4.2.1, 4.3.0

    Bug: https://bugs.gentoo.org/870931
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/podman/Manifest               |   3 -
 app-containers/podman/podman-4.1.0-r1.ebuild | 165 ---------------------------
 app-containers/podman/podman-4.2.1.ebuild    | 165 ---------------------------
 app-containers/podman/podman-4.3.0.ebuild    | 165 ---------------------------
 4 files changed, 498 deletions(-)

Thanks!