[USN-6295-1] Podman vulnerability

Leonidas S. Barbosa leo.barbosa at canonical.com
Wed Aug 16 20:12:54 UTC 2023

Ubuntu Security Notice USN-6295-1
August 16, 2023

libpod vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS


Podman could be made to expose sensitive information or
execute binary code.

Software Description:
- libpod: engine to run OCI-based containers in Pods


It was discovered that Podman incorrectly handled certain supplementary groups.
An attacker could possibly use this issue to expose sensitive information
or execute binary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  podman                          3.4.4+ds1-1ubuntu1.22.04.2
  podman-docker                   3.4.4+ds1-1ubuntu1.22.04.2

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230816/5e6a2fd8/attachment.sig>

More information about the ubuntu-security-announce mailing list