'podman cp' will resolve a carefully crafted symlink in host-filesystem space, yielding unexpected results when cp'ing from container to host. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
This is a duplicate of this issue https://bugzilla.redhat.com/show_bug.cgi?id=1741709
Created podman tracking bugs for this issue:
Affects: fedora-all [bug 1754354]
Matt, Ed, Brent, Jhon do we have a fix for this?
#3829 is closed, and I've added regression tests, so I think this is resolved. I'm reluctant to close because I don't know which exact version and stream the reporter is on.
This issue did not affect the versions of podman as shipped with Red Hat Enterprise Linux 8 as they did not include support for the copy function.
This issue did not affect the versions of podman as shipped in OpenShift Container Platform 3.11 and 4.1 as they did not include support for the copy function.
The version of podman shipped in OpenShift Container Platform 4.2 was superseded by the version delivered Red Hat Enterprise Linux 8.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7 Extras
Via RHSA-2020:1227 https://access.redhat.com/errata/RHSA-2020:1227
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):