11 matches found
MiracleLinux 7 : podman-1.6.4-16.el7 (AXSA:2020-058:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-058:01 advisory. podman: resolving symlink in host filesystem leads to unexpected results of copy operation CVE-2019-18466 containers/image: Container images read...
CentOS 7 : podman (RHSA-2020:1227)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1227 advisory. - An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the...
SUSE: Security Advisory (SUSE-SU-2020:0697-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : podman (RHSA-2020:1227)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1227 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...
openSUSE Security Update : cni / cni-plugins / conmon / etc (openSUSE-2020-398)
This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues : podman was updated to 1.8.0 : - CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator 3829 bsc1155217 -...
openSUSE: Security Advisory for cni, (openSUSE-SU-2020:0398-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0398-1 Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman
This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues: podman was updated to 1.8.0: - CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator 3829 bsc1155217 - T...
Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (moderate)
openSUSE Security Update: Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman Announcement ID: openSUSE-SU-2020:0398-1 Rating: moderate References: 1155217 1160460 1164390 Cross-References: CVE-2019-18466 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerabili...
SUSE SLES15 Security Update : cni, cni-plugins, conmon, fuse-overlayfs, podman (SUSE-SU-2020:0697-1)
This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues : podman was updated to 1.8.0 : CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator 3829 bsc1155217 The...
CVE-2019-18466
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a...
CVE-2019-18466
Podman libpod before 1.6.0 is affected by CVE-2019-18466. A symlink in the host context is resolved during a container-to-host copy due to an undesired glob, enabling a container image containing specific symlinks to overwrite host files when copied by a victim. Impact is local, with potential fi...