podman

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Tool and library for running OCI-based containers in pods
Version 5.3.1-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2591 3.4.2-1 3.4.4-1 Medium Fixed
AVG-1517 2.2.1-2 3.0.0-1 Medium Fixed
AVG-1233 2.0.6-1 2.1.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-41190 AVG-2591 Medium Yes Insufficient validation
In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull...
CVE-2021-20199 AVG-1517 Medium Yes Insufficient validation
Rootless containers run with Podman from version 1.8.0 up to 2.2.1 receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts)....
CVE-2021-4024 AVG-2591 Medium Yes Information disclosure
A security issue was found in Podman before version 3.4.3. The "podman machine" function (used to create and manage Podman virtual machine containing a...
CVE-2020-14370 AVG-1233 High Yes Information disclosure
A flaw was discovered in Podman before upstream version 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple...

Advisories

Date Advisory Group Severity Type
26 Sep 2020 ASA-202009-11 AVG-1233 High information disclosure