{"id":"MGASA-2023-0213","summary":"Updated skopeo/buildah/podman packages fix security vulnerability","details":"Information disclosure flaw was found in Buildah (CVE-2021-3602)\npodman allows forwarding hosts ports to vm from within vm (CVE-2021-4024)\nAllows use  \"../\" separators in containernetworking/cni to reference\nbinaries such as 'reboot' in network configuration (CVE-2021-20206)\ngithub.com/containers/storage ddos via crafted tar file (CVE-2021-20291)\nbuildah improper checking of X.509 certificate (CVE-2021-34558)\nbuildah improper Content-Type checking (CVE-2021-41190)\npodman privilege escalation (CVE-2022-1227)\npodman incorrect handling of the supplementary groups (CVE-2022-2989)\nbuildah incorrect handling of the supplementary groups (CVE-2022-2990)\nskopeo/podman Denial of Service through unbounded cardinality, and\npotential memory exhaustion (CVE-2022-21698)\nbuildah/podman AddHostKey denail of service (CVE-2022-27191)\npodman inheritable file capabilities (CVE-2022-27649)\nbuildah inheritable file capabilities (CVE-2022-27651)\n","modified":"2026-04-16T00:10:30.615982871Z","published":"2023-07-07T05:54:45Z","upstream":["CVE-2021-20206","CVE-2021-20291","CVE-2021-34558","CVE-2021-3602","CVE-2021-4024","CVE-2021-41190","CVE-2022-1227","CVE-2022-21698","CVE-2022-27191","CVE-2022-27649","CVE-2022-27651","CVE-2022-2989","CVE-2022-2990"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0213.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28885"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/25LCWXTFK5CEUYRWF74Y4C7VIMWDH2OI/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F3ARUFZTP54XZ36JGEVCIBJZPX4LTF3G/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GWKDCFQ4EVHMJJ6V2EAABHSRZK34HUUT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IKOQ2O3CAYO75ZV2PUCTL6G72K7JVGCT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QKTJEKY2C35BIT22ZIPQZRQ4WY6ZW4W5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XOKBC52ABMXFW242S6YAQLBUX3QPEDOR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A4W4OXY44AKASYVR6NZPWKHHCVDI7LMX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HRFGZZIO26CZN3P2K72PZABZKT5J4IUT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OPCGIPJ4YWKRBYUO5NIO6H5RZROPWZVJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XNDJJ36ISNZQL6I3K25POE5HZZJYUEIV/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDWE3ABI6VTR2BO4UV3HXEUYUN5CKUES/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1969264"},{"type":"ADVISORY","url":"https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZAB6D3CGIKTOPITATFKEJEJZRRFUNAAF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WYEKQOCOMRYA54WFUPJNNBZD5CPNRGHX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4ZGUZD4KLTFHCQDYKB64PUVEWIB3YTL2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LALQQUUGFHODEBITRRY26YKZFR2FQN5X/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/75MV35CPCW3Q5MAQR6OGEJEYVVEZ2MXI/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CAYDF5STQQ2MWYFKJISEVKKCDRW6K3MP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IA7RFWWF2TAD6ABTSEOCANQQEGMSU4YP/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5BA2TLW7O5ZURGQUAQUH4HD5SQYNDDZ6/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WFIDXN6UAK2I4PPVFPBE4STNQH2FZQ4A/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2VWH6X6HOFPO6HTESF42HIJZEPXSWVIO/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/COAZMKGIFFK6JHHLFRHHTVMQ4HK5XI73/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3XQI3JGSN3QUR2TTD5PKGO62TDA7VS3I/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BOSR3QWWI2B7POIUKKJJMCEE2T3PFI5B/"},{"type":"WEB","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-October/012775.html"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PL4K6SMPK6ISI4ZPOM3PI6GAYO6XYPYB/"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2022:7822"},{"type":"WEB","url":"https://lists.suse.com/pipermail/sle-security-updates/2023-January/013557.html"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NKDIDANN2OO6H6AMGCEODFI5ZES7PJYI/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HX2XHVJTED7LYWP3LLJ3FTJMPQ4KYG44/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I5RR5DUZHU2FFOE3EKYH6T74SA43EB4T/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6170-1"}],"affected":[{"package":{"name":"skopeo","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/skopeo?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.0-2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0213.json"}},{"package":{"name":"conmon","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/conmon?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.5-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0213.json"}},{"package":{"name":"buildah","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/buildah?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.30.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0213.json"}},{"package":{"name":"podman","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/podman?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0213.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}