Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 936573

Summary: <app-containers/podman-5.0.3: unexpected authenticated registry access
Product: Gentoo Security Reporter: Serguey Parkhomovsky <sergueyparkhomovsky>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: me, proxy-maint, zmedico
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [cleanup glsa?]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 936384    

Description Serguey Parkhomovsky 2024-07-24 05:40:21 UTC 
Podman 4.9.5 addresses CVE-2024-3727, a vulnerability in the containers/image library which allows attackers to trigger authenticated registry access on behalf of the victim user.
Comment 1 Hans de Graaff gentoo-dev Security 2024-07-24 11:21:15 UTC 
Fixed in 4.9.5 and 5.0.3 upstream.