Bugzilla – Bug 1097970
VUL-0: CVE-2018-10856: podman: Containers run as non-root users do not drop capabilities
Last modified: 2022-02-04 18:25:23 UTC
Podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
is to be in CAASP 3 and 4 and also in Factory.
no IBS maintainer assigned yet.
Thanks for opening the issue. Factory isn't affected anymore, as we're already on v0.6.2 and I just opened an SR for v0.6.3 an hour ago.
In case of CaaSP, I think that we can update it. Note that Podman isn't run by default in _any_ deployment; its sole purpose is to help debugging a CRI-O cluster (tech preview).
SUSE-SU-2018:2704-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1097970
CVE References: CVE-2018-10856
SUSE CaaS Platform 3.0 (src): podman-0.8.5-3.3.1
Marcus, can we close this bug? The update is finally available but I am hesitant to close it as I am not part of the security team.
updates are released
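
A check for the condition described in the bug summary, added here as an example and not part of the bug report or of Podman's code: given the contents of `/proc/<pid>/status` for a container process, it lists the capabilities a non-root user still holds. The status samples and the capability mask are constructed, and the function names are hypothetical.

```python
# Added example: flag a non-root container process that still holds capabilities.
# Input is the text of /proc/<pid>/status; the samples below are constructed.

# Capability bit numbers from linux/capability.h (subset used by the sample mask).
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 3: "CAP_FOWNER", 4: "CAP_FSETID",
    5: "CAP_KILL", 6: "CAP_SETGID", 7: "CAP_SETUID", 8: "CAP_SETPCAP",
    10: "CAP_NET_BIND_SERVICE", 13: "CAP_NET_RAW", 18: "CAP_SYS_CHROOT",
    27: "CAP_MKNOD", 29: "CAP_AUDIT_WRITE", 31: "CAP_SETFCAP",
}

def parse_status(text):
    """Return the effective UID and capability masks from a status dump."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    result = {"euid": int(fields["Uid"][1])}  # Uid: real, effective, saved, fs
    for name in ("CapPrm", "CapEff", "CapBnd"):
        result[name] = int(fields[name][0], 16)
    return result

def decode(mask):
    """Translate a capability bitmask into names (unknown bits as cap_<n>)."""
    names, bit = [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES.get(bit, f"cap_{bit}"))
        bit += 1
    return names

def undropped_caps(text):
    """Capabilities in the permitted or effective set of a non-root process."""
    st = parse_status(text)
    if st["euid"] == 0:
        return []  # root holding capabilities is expected, not this bug
    return decode(st["CapPrm"] | st["CapEff"])

def sample(uid, prm, eff):
    # Constructed status text; the bounding mask is a typical container default.
    return (f"Name:\tsleep\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n"
            f"CapPrm:\t{prm:016x}\nCapEff:\t{eff:016x}\nCapBnd:\t00000000a80425fb\n")

NOT_DROPPED = sample(1000, 0xA80425FB, 0xA80425FB)  # the condition in the summary
DROPPED = sample(1000, 0, 0)                        # non-root with empty sets
ROOT = sample(0, 0xA80425FB, 0xA80425FB)

if __name__ == "__main__":
    for label, text in (("not dropped", NOT_DROPPED), ("dropped", DROPPED)):
        print(label, undropped_caps(text) or "no capabilities held")
```

An empty result for a process started as a non-root user is the expected state after the update; the bounding set (`CapBnd`) may stay populated and is not counted.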