Podman is vulnerable to arbitrary file read. The vulnerability exists because improper symlink resolution allows access to host files when executing podman cp on running containers.
lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html
access.redhat.com/errata/RHSA-2019:1907
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1717919
bugzilla.redhat.com/show_bug.cgi?id=1727873
bugzilla.redhat.com/show_bug.cgi?id=1728242
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152
github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140
github.com/containers/libpod/issues/3211
github.com/containers/libpod/pull/3214