Lucene search
GoogleOSV:ALSA-2022:8431HistoryNov 15, 2022 - 12:00 a.m.
Low: podman security, bug fix, and enhancement update
2022-11-1500:00:00
Google
osv.dev
16
podman
security
bug fix
enhancement
kubernetes
cve-2022-2989
cve-2022-2990
bz#2120436
bz#2123319
bz#2123905
bz#2124676
bz#2136281
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
17.8%
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
- podman: possible information disclosure and modification (CVE-2022-2989)
- buildah: possible information disclosure and modification (CVE-2022-2990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2120436)
- dnf-update broken for podman/catatonit (BZ#2123319)
- podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2123905)
- podman kill may deadlock [AlmaLinux 9.1] (BZ#2124716)
- containers config.json gets empty after sudden power loss (BZ#2136278)
- PANIC podman API service endpoint handler panic (BZ#2136287)
Enhancement(s):
- Podman volume plugin timeout should be configurable [almalinux-9.1.0 Z] (BZ#2124676)
- [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2136281)
Related
osv
osv
Low: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 00:00:00
Low: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 10:51:15
buildah-1.27.0-3.1 on GA media
2024-06-15 00:00:00
redhat
redhat
(RHSA-2022:8431) Low: podman security, bug fix, and enhancement update
2022-11-15 15:35:37
(RHSA-2022:7822) Low: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 10:51:15
(RHSA-2022:8008) Moderate: buildah security and bug fix update
2022-11-15 06:13:14
oraclelinux
oraclelinux
podman security, bug fix, and enhancement update
2022-11-24 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2022-11-22 00:00:00
buildah security and bug fix update
2022-11-22 00:00:00
nessus
nessus
Oracle Linux 9 : podman (ELSA-2022-8431)
2022-11-24 00:00:00
AlmaLinux 9 : podman (ALSA-2022:8431)
2022-11-18 00:00:00
AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7822)
2022-11-14 00:00:00
almalinux
almalinux
Low: podman security, bug fix, and enhancement update
2022-11-15 00:00:00
Low: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 00:00:00
Moderate: buildah security and bug fix update
2022-11-15 00:00:00
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 10:51:15
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
alpinelinux
alpinelinux
CVE-2022-2990
2022-09-13 14:15:08
CVE-2022-2989
2022-09-13 14:15:08
cbl_mariner
cbl_mariner
CVE-2022-2990 affecting package buildah for versions less than 1.18.0-17
2023-09-28 11:57:58
CVE-2022-2990 affecting package buildah for versions less than 1.18.0-24
2024-04-17 23:32:37
CVE-2022-2990 affecting package buildah 1.18.0-8
2024-10-01 22:11:53
debiancve
debiancve
CVE-2022-2990
2022-09-13 14:15:08
CVE-2022-2989
2022-09-13 14:15:08
veracode
veracode
Information Disclosure
2022-09-16 06:55:11
Information Disclosure
2022-09-16 06:34:58
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4099-1)
2023-10-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3820-1)
2022-11-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3819-1)
2022-11-01 00:00:00
nvd
nvd
CVE-2022-2990
2022-09-13 14:15:08
CVE-2022-2989
2022-09-13 14:15:08
cve
cve
CVE-2022-2990
2022-09-13 14:15:08
CVE-2022-2989
2022-09-13 14:15:08
prion
prion
Information disclosure
2022-09-13 14:15:00
Information disclosure
2022-09-13 14:15:00
ubuntucve
ubuntucve
CVE-2022-2990
2022-09-13 00:00:00
CVE-2022-2989
2022-09-13 00:00:00
github
github
redhatcve
redhatcve
CVE-2022-2990
2022-08-25 14:10:09
CVE-2022-2989
2022-08-25 13:40:10
cvelist
cvelist
CVE-2022-2990
2022-09-13 13:44:21
CVE-2022-2989
2022-09-13 13:41:00
suse
suse
Security update for podman (moderate)
2022-10-31 00:00:00
Security update for podman (moderate)
2022-10-31 00:00:00
Security update for buildah (important)
2022-10-26 00:00:00
ubuntu
ubuntu
Podman vulnerability
2023-08-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2227
2023-09-05 09:31:53
mageia
mageia
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45
gentoo
gentoo
podman: Multiple Vulnerabilities
2024-07-05 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0429
2023-07-18 00:00:00
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
17.8%
Related for OSV:ALSA-2022:8431