Vulnerability CVE-2023-0778: Information
Description
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
podman | sisyphus | 4.4.2-alt1 | 5.0.2-alt1.1 | ALT-PU-2023-1353-1 | 315918 | Fixed |
podman | sisyphus_riscv64 | 4.4.2-alt1 | 5.0.2-alt1.1 | ALT-PU-2023-2734-1 | - | Fixed |
podman | p10 | 4.4.2-alt1 | 4.9.4-alt0.p10 | ALT-PU-2023-1488-1 | 315926 | Fixed |
podman | c10f1 | 4.4.2-alt1 | 4.4.4-alt1 | ALT-PU-2023-1488-1 | 315926 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2168256 | |