Vulnerability CVE-2024-1753: Information
Description
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Fixed packages
Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
---|---|---|---|---|---|---|
buildah | sisyphus | 1.35.1-alt1 | 1.36.0-alt1 | ALT-PU-2024-4351-1 | 343349 | Fixed |
buildah | sisyphus_riscv64 | 1.35.1-alt1 | 1.36.0-alt1 | ALT-PU-2024-4416-1 | - | Fixed |
buildah | sisyphus_loongarch64 | 1.35.1-alt1.1 | 1.36.0-alt1 | ALT-PU-2024-4429-1 | - | Fixed |
buildah | p10 | 1.34.3-alt0.p10 | 1.34.3-alt0.p10 | ALT-PU-2024-4646-2 | 343760 | Fixed |
buildah | c10f1 | 1.34.3-alt0.p10 | 1.34.3-alt0.p10 | ALT-PU-2024-7024-3 | 345716 | Fixed |
buildah | p11 | 1.35.1-alt1 | 1.36.0-alt1 | ALT-PU-2024-4351-1 | 343349 | Fixed |
podman | sisyphus | 5.0.0-alt1 | 5.1.1-alt1 | ALT-PU-2024-4349-1 | 343349 | Fixed |
podman | sisyphus_riscv64 | 5.0.0-alt1 | 5.1.1-alt1 | ALT-PU-2024-4415-1 | - | Fixed |
podman | sisyphus_loongarch64 | 5.0.0-alt1 | 5.1.1-alt1 | ALT-PU-2024-4426-1 | - | Fixed |
podman | p10 | 4.9.4-alt0.p10 | 4.9.4-alt0.p10 | ALT-PU-2024-4644-2 | 343760 | Fixed |
podman | p11 | 5.0.0-alt1 | 5.1.0-alt1 | ALT-PU-2024-4349-1 | 343349 | Fixed |