OESA-2025-1074

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1074
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1074.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1074
Upstream
Published
2025-01-24T13:37:38Z
Modified
2025-08-12T05:36:40.841227Z
Summary
podman security update
Details

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library.

Security Fix(es):

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.(CVE-2022-27649)

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.(CVE-2022-2989)

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.(CVE-2023-0778)

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.(CVE-2024-24785)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / podman

Package

Name
podman
Purl
pkg:rpm/openEuler/podman&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.4-8.oe2203sp4

Ecosystem specific 

{
    "aarch64": [
        "podman-3.4.4-8.oe2203sp4.aarch64.rpm",
        "podman-debuginfo-3.4.4-8.oe2203sp4.aarch64.rpm",
        "podman-debugsource-3.4.4-8.oe2203sp4.aarch64.rpm",
        "podman-gvproxy-3.4.4-8.oe2203sp4.aarch64.rpm",
        "podman-plugins-3.4.4-8.oe2203sp4.aarch64.rpm",
        "podman-remote-3.4.4-8.oe2203sp4.aarch64.rpm"
    ],
    "x86_64": [
        "podman-3.4.4-8.oe2203sp4.x86_64.rpm",
        "podman-debuginfo-3.4.4-8.oe2203sp4.x86_64.rpm",
        "podman-debugsource-3.4.4-8.oe2203sp4.x86_64.rpm",
        "podman-gvproxy-3.4.4-8.oe2203sp4.x86_64.rpm",
        "podman-plugins-3.4.4-8.oe2203sp4.x86_64.rpm",
        "podman-remote-3.4.4-8.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "podman-3.4.4-8.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "podman-docker-3.4.4-8.oe2203sp4.noarch.rpm",
        "podman-help-3.4.4-8.oe2203sp4.noarch.rpm"
    ]
}