*** This bug is a security vulnerability ***
Public security bug reported:
Ubuntu 20.04 ships currently with podman 3.4.4. Current upstream is at
version 3.4.7 and ships with a number of security updates:
3.4.7
* This release addresses CVE-2022-1227, where running podman top on a container
made from a maliciously-crafted image and using a user namespace could allow
for code execution in the host context.
3.4.6
* This release addresses CVE-2022-27191, where an attacker could potentially
cause crashes in remote Podman by using incorrect SSH ciphers.
3.4.5
* This release addresses CVE-2022-27649, where Podman would set excess
inheritable capabilities for processes in containers.
Bugfixes
** Affects: libpod (Ubuntu)
Importance: Undecided
Status: New
** Affects: libpod (Ubuntu Impish)
Importance: Undecided
Status: New
** Affects: libpod (Ubuntu Jammy)
Importance: Undecided
Status: New
** Affects: libpod (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: libpod (Ubuntu Impish)
Importance: Undecided
Status: New
** Also affects: libpod (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: libpod (Ubuntu Kinetic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971034
Title:
Several security issues in libpod 3.4.x
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
