A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libpod | < 4.3.1+ds1-7 | libpod_4.3.1+ds1-7_all.deb |
| Debian | 11 | all | libpod | < 3.0.1+dfsg1-3+deb11u5 | libpod_3.0.1+dfsg1-3+deb11u5_all.deb |
| Debian | 999 | all | libpod | < 4.3.1+ds1-7 | libpod_4.3.1+ds1-7_all.deb |
| Debian | 13 | all | libpod | < 4.3.1+ds1-7 | libpod_4.3.1+ds1-7_all.deb |