SUSE update for podman

1) Input validation error

EUVDB-ID: #VU98140

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-9407

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files.

Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

Containers Module: 15-SP5 - 15-SP6

SUSE Linux Enterprise Real Time 15: SP5 - SP6

openSUSE Leap: 15.5 - 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6

SUSE Linux Enterprise Server 15: SP5 - SP6

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise High Performance Computing 15: SP5

podman-docker: before 4.9.5-150500.3.25.1

podman-remote-debuginfo: before 4.9.5-150500.3.25.1

podman-remote: before 4.9.5-150500.3.25.1

podman: before 4.9.5-150500.3.25.1

podman-debuginfo: before 4.9.5-150500.3.25.1

podmansh: before 4.9.5-150500.3.25.1

CPE2.3

• cpe:2.3:o:suse:opensuse_leap_micro:5.5:*:*:*:*:*:*:
• cpe:2.3:o:suse:containers_module:15-SP6:*:*:*:*:*:*:
• cpe:2.3:o:suse:containers_module:15-SP5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:
• cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:
• cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243741-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU98828

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-9675

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences in cache mounts. A local user can execute a 'RUN' instruction in a Container file to mount an arbitrary directory from the host into the container as long as those files can be accessed by the user running Buildah.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

Containers Module: 15-SP5 - 15-SP6

SUSE Linux Enterprise Real Time 15: SP5 - SP6

openSUSE Leap: 15.5 - 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6

SUSE Linux Enterprise Server 15: SP5 - SP6

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise High Performance Computing 15: SP5

podman-docker: before 4.9.5-150500.3.25.1

podman-remote-debuginfo: before 4.9.5-150500.3.25.1

podman-remote: before 4.9.5-150500.3.25.1

podman: before 4.9.5-150500.3.25.1

podman-debuginfo: before 4.9.5-150500.3.25.1

podmansh: before 4.9.5-150500.3.25.1

CPE2.3

• cpe:2.3:o:suse:opensuse_leap_micro:5.5:*:*:*:*:*:*:
• cpe:2.3:o:suse:containers_module:15-SP6:*:*:*:*:*:*:
• cpe:2.3:o:suse:containers_module:15-SP5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:
• cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:
• cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243741-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.