Bugzilla – Bug 1097970
VUL-0: CVE-2018-10856: podman: Containers run as non-root users do not drop capabilities
Last modified: 2022-02-04 18:25:23 UTC
Podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1592166
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10856
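One way to check a running container process for the condition described above, as an added example that is not part of this bug report or of Podman's code. It assumes the missing drop shows up as non-empty `CapPrm` or `CapEff` in `/proc/<pid>/status` for a process with a non-zero effective UID; the two sample status texts are constructed.

```python
# Added example: find capabilities still held by a non-root process.
# Bit positions follow linux/capability.h (bits 0-31 are named here).
CAP_NAMES = """CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID
CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK CAP_IPC_OWNER CAP_SYS_MODULE
CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT
CAP_SYS_NICE CAP_SYS_RESOURCE CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE
CAP_AUDIT_WRITE CAP_AUDIT_CONTROL CAP_SETFCAP""".split()

# Constructed samples: a UID 1000 process before and after capabilities are dropped.
NOT_DROPPED = ("Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\n"
               "CapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
               "CapBnd:\t00000000a80425fb\n")
DROPPED = ("Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\n"
           "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
           "CapBnd:\t00000000a80425fb\n")


def parse_status(text):
    """Return (effective UID, {set name: mask}) from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    euid = int(fields["Uid"][1])  # Uid order: real, effective, saved, filesystem
    caps = {k: int(fields[k][0], 16)
            for k in ("CapInh", "CapPrm", "CapEff", "CapBnd") if k in fields}
    return euid, caps


def decode(mask):
    """Turn a capability bitmask into a list of capability names."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else f"cap_{b}"
            for b in range(64) if (mask >> b) & 1]


def audit(text):
    """Capabilities a non-root process holds as permitted or effective."""
    euid, caps = parse_status(text)
    if euid == 0:
        return []  # root holding capabilities is outside this check
    return decode(caps.get("CapPrm", 0) | caps.get("CapEff", 0))


if __name__ == "__main__":
    with open("/proc/self/status") as fh:  # run inside the container to audit it
        print(audit(fh.read()) or "no capabilities held")
```
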
Is to be in CAASP 3 and 4 and also in Factory. No IBS maintainer assigned yet.
Thanks for opening the issue. Factory isn't affected anymore, as we're already on v0.6.2 and I just opened an SR for v0.6.3 an hour ago. In case of CaaSP, I think that we can update it. Note that Podman isn't run by default in _any_ deployment; its sole purpose is to help debugging a CRI-O cluster (tech preview).
SUSE-SU-2018:2704-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1097970
CVE References: CVE-2018-10856
Sources used:
SUSE CaaS Platform 3.0 (src): podman-0.8.5-3.3.1
Marcus, can we close this bug? The update is finally available but I am hesitant to close it as I am not part of the security team.
updates are released