Bug 2066568 (CVE-2022-27649)
| Summary: | CVE-2022-27649 podman: Default inheritable capabilities for linux container should be empty | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acui, ahanwate, bbaude, bmontgom, carnil, container-sig, debarshir, dwalsh, eparis, jburrell, jligon, jnovy, jokerman, lsm5, mheon, nstielau, patrick, pehunt, pthomas, rh.container.bot, santiago, security-response-team, sponnaga, tsweeney, umohnani, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | podman 4.0.3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-12-06 01:02:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2067502, 2067503, 2067504, 2067505, 2067506, 2067507, 2067508, 2067509, 2067510, 2067511, 2067512, 2067513, 2067514, 2067515, 2067516, 2067517, 2067518, 2067519, 2067520, 2067521, 2067522, 2067523, 2067524, 2067525, 2067526, 2067527, 2070102, 2070103 | ||
| Bug Blocks: | 2064591, 2070125 | ||
|
Description
TEJ RATHI
2022-03-22 05:02:47 UTC
Created podman tracking bugs for this issue: Affects: fedora-all [bug 2070102] Reference to podman project: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1407 https://access.redhat.com/errata/RHSA-2022:1407 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1565 https://access.redhat.com/errata/RHSA-2022:1565 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1566 https://access.redhat.com/errata/RHSA-2022:1566 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1762 https://access.redhat.com/errata/RHSA-2022:1762 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:4651 https://access.redhat.com/errata/RHSA-2022:4651 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:4816 https://access.redhat.com/errata/RHSA-2022:4816 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27649 |