Comments (4)
Podman has not used varlink for many years.
from podman.
Thanks @rhatdan
@marcruef please consider disputing or rejecting the CVE VulDB assigned.
from podman.
Thanks for the feedback. We are happy to update the CVE entry as quickly as possible.
Yes, the assignment was based on the disclosure of https://www.exploit-db.com/exploits/47500
It mentions having been tested on version 1.5.1, which was released in August 2019: https://github.com/containers/podman/releases/tag/v1.5.1
To me it is unclear whether CVE-2019-25067 is a duplicate of CVE-2019-10152 or if it is a false-positive at all.
from podman.
Since VulDB assigned and wrote the description for CVE-2019-25067, is VulDB able to determine if it duplicates CVE-2019-10152 (and possibly other CVEs)?
Can your CNA determine the "unknown part of the component API" mentioned in CVE-2019-25067?
CVE-2019-25067: A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
from podman.