2383941 – (CVE-2025-8283) CVE-2025-8283 netavark: podman: netavark may resolve hostnames to unexpected hosts

Bug 2383941 (CVE-2025-8283) - CVE-2025-8283 netavark: podman: netavark may resolve hostnames to unexpected hosts

Summary: CVE-2025-8283 netavark: podman: netavark may resolve hostnames to unexpected ...

Keywords:
Status:	NEW
Alias:	CVE-2025-8283
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-28 14:37 UTC by OSIDB Bzimport
Modified:	2025-07-28 18:12 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-28 14:37:33 UTC

Netavark was recently changed, when being used with podman, to remove the dns.podman search domain in detriment of using the host's search domain in the container. This leads to a possible DNS resolve confusion in some scenarios where the container created using podman have the same hostname as an external service. This may lead to containers communicating to unexpected servers instead of the desired one.

Comment 2 Marco Benatto 2025-07-28 15:36:38 UTC

Upstream commit fixing this issue:
https://github.com/containers/netavark/pull/1256/commits/03f12695a696c7fe407eefebd7d5ad3cf2e934fe

Note You need to log in before you can comment on or make changes to this bug.