podman-1.6.4-29.el7

エラータID: AXSA:2021-1611:02

Release date: 
Wednesday, March 24, 2021 - 06:38
Subject: 
podman-1.6.4-29.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The podman tool manages pods, container images, and containers. It is part of
the libpod library, which is for applications that use container pods. Container
pods is a concept in Kubernetes.

Security Fix(es):

* podman: container users permissions are not respected in privileged
containers (CVE-2021-20188)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users
running in a privileged container are not correctly checked. This flaw can be
abused by a low-privileged user inside the container to access any other file in
the container, even if owned by the root user inside the container. It does not
allow to directly escape the container, though being a privileged container
means that a lot of security features are disabled when running the container.
The highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability.

Solution: 

Update packages.

CVEs: 
CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Additional Info: 

N/A

Download: 

SRPMS
  1. podman-1.6.4-29.el7.src.rpm
    MD5: ced98154518af376cd9f42a580a72afe
    SHA-256: 2fcf97ebc43a60ab9e9da9cbadc6f31ebc3d54e1a5a5ba0d5d8b0409a3080475
    Size: 9.07 MB

Asianux Server 7 for x86_64
  1. podman-1.6.4-29.el7.x86_64.rpm
    MD5: 7e62e3bfde86517aa594229d6f01b63f
    SHA-256: 9edf8b9ec2afad535e491e2981c99bec2824be0c998d108811830e3e55e7a839
    Size: 12.85 MB
  2. podman-docker-1.6.4-29.el7.noarch.rpm
    MD5: 57731d0920d95461f7720f0ac37f6a17
    SHA-256: 9f54cf6560af610a125b1a577ba792a2d2d45270626bcc34cbab841d669a3e3f
    Size: 30.57 kB