A flaw was found in Oslo Rootwrap CommandFilter function. IpNetnsExecFilter can be bypassed when an specific filter is enabled this could allow arbitrary code execution
Hum, am I supposed to do anything?
Upstream have made the bug public:
Name: Daniel Alvarez (Red Hat)
This has been treated as a hardening issue upstream and likewise here. The issue, which is not considered a vulnerability, will be fixed as features are pulled in from upstream.