podman
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Tool and library for running OCI-based containers in pods |
| Version | 5.0.2-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2591 | 3.4.2-1 | 3.4.4-1 | Medium | Fixed | |
| AVG-1517 | 2.2.1-2 | 3.0.0-1 | Medium | Fixed | |
| AVG-1233 | 2.0.6-1 | 2.1.0-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-41190 | AVG-2591 | Medium | Yes | Insufficient validation | In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull... |
| CVE-2021-20199 | AVG-1517 | Medium | Yes | Insufficient validation | Rootless containers run with Podman from version 1.8.0 up to 2.2.1 receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts).... |
| CVE-2021-4024 | AVG-2591 | Medium | Yes | Information disclosure | A security issue was found in Podman before version 3.4.3. The "podman machine" function (used to create and manage Podman virtual machine containing a... |
| CVE-2020-14370 | AVG-1233 | High | Yes | Information disclosure | A flaw was discovered in Podman before upstream version 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 26 Sep 2020 | ASA-202009-11 | AVG-1233 | High | information disclosure |