Bugzilla – Bug 1221677
VUL-0: CVE-2024-1753: buildah: full container escape at build time
Last modified: 2024-07-22 15:30:26 UTC
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1753 https://www.cve.org/CVERecord?id=CVE-2024-1753 https://access.redhat.com/security/cve/CVE-2024-1753 https://bugzilla.redhat.com/show_bug.cgi?id=2265513 https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3
15 SP5: https://build.suse.de/request/show/324356 Factory: https://build.opensuse.org/request/show/1159325
15 SP3: https://build.suse.de/request/show/324360 15 SP4: https://build.suse.de/request/show/324361
SP1: https://build.suse.de/request/show/324368
Podman update for SP3: https://build.suse.de/request/show/324375 Podman update for SP4: https://build.suse.de/request/show/324374
Podman update for SLE 15 SP5: https://build.suse.de/request/show/324382
We feel the fix is not required on SLE15-SP1 because the affected feature in question was introduced with buildah v1.24.0 and SLE15-SP1 runs podman v2.1.1 which vendors buildah v1.16.1. We've tested this locally and are waiting currently for upstream to confirm the same[1]. [1] - https://github.com/containers/buildah/discussions/5420
SUSE-SU-2024:1059-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1221677 CVE References: CVE-2024-1753 Maintenance Incident: [SUSE:Maintenance:33052](https://smelt.suse.de/incident/33052/) Sources used: openSUSE Leap 15.3 (src): podman-4.4.4-150300.9.26.2 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): podman-4.4.4-150300.9.26.2 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): podman-4.4.4-150300.9.26.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): podman-4.4.4-150300.9.26.2 SUSE Enterprise Storage 7.1 (src): podman-4.4.4-150300.9.26.2 SUSE Linux Enterprise Micro 5.1 (src): podman-4.4.4-150300.9.26.2 SUSE Linux Enterprise Micro 5.2 (src): podman-4.4.4-150300.9.26.2 SUSE Linux Enterprise Micro for Rancher 5.2 (src): podman-4.4.4-150300.9.26.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1058-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1221677 CVE References: CVE-2024-1753 Maintenance Incident: [SUSE:Maintenance:33051](https://smelt.suse.de/incident/33051/) Sources used: openSUSE Leap 15.4 (src): podman-4.4.4-150400.4.22.1 openSUSE Leap Micro 5.3 (src): podman-4.4.4-150400.4.22.1 openSUSE Leap Micro 5.4 (src): podman-4.4.4-150400.4.22.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): podman-4.4.4-150400.4.22.1 SUSE Linux Enterprise Micro 5.3 (src): podman-4.4.4-150400.4.22.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): podman-4.4.4-150400.4.22.1 SUSE Linux Enterprise Micro 5.4 (src): podman-4.4.4-150400.4.22.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): podman-4.4.4-150400.4.22.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): podman-4.4.4-150400.4.22.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): podman-4.4.4-150400.4.22.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): podman-4.4.4-150400.4.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1146-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1221677 CVE References: CVE-2024-1753 Maintenance Incident: [SUSE:Maintenance:33011](https://smelt.suse.de/incident/33011/) Sources used: openSUSE Leap 15.5 (src): podman-4.8.3-150500.3.9.1 SUSE Linux Enterprise Micro 5.5 (src): podman-4.8.3-150500.3.9.1 Containers Module 15-SP5 (src): podman-4.8.3-150500.3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1145-1: An update that solves one vulnerability and has two security fixes can now be installed. Category: security (important) Bug References: 1219563, 1220568, 1221677 CVE References: CVE-2024-1753 Maintenance Incident: [SUSE:Maintenance:32911](https://smelt.suse.de/incident/32911/) Sources used: openSUSE Leap 15.3 (src): buildah-1.34.1-150300.8.22.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): buildah-1.34.1-150300.8.22.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): buildah-1.34.1-150300.8.22.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): buildah-1.34.1-150300.8.22.1 SUSE Enterprise Storage 7.1 (src): buildah-1.34.1-150300.8.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1144-1: An update that solves one vulnerability and has two security fixes can now be installed. Category: security (important) Bug References: 1219563, 1220568, 1221677 CVE References: CVE-2024-1753 Maintenance Incident: [SUSE:Maintenance:32912](https://smelt.suse.de/incident/32912/) Sources used: openSUSE Leap 15.4 (src): buildah-1.34.1-150400.3.27.1 openSUSE Leap Micro 5.3 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 openSUSE Leap Micro 5.4 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Micro 5.3 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Micro 5.4 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 Public Cloud Module 15-SP2 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1, buildah-1.34.1-150400.3.27.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1, buildah-1.34.1-150400.3.27.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1, buildah-1.34.1-150400.3.27.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1, buildah-1.34.1-150400.3.27.1 SUSE Enterprise Storage 7.1 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Micro 5.1 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Micro 5.2 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): cni-plugins-0.8.6-150100.3.22.3, cni-0.7.1-150100.3.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1143-1: An update that solves one vulnerability and has two security fixes can now be installed. Category: security (important) Bug References: 1219563, 1220568, 1221677 CVE References: CVE-2024-1753 Maintenance Incident: [SUSE:Maintenance:32913](https://smelt.suse.de/incident/32913/) Sources used: openSUSE Leap 15.5 (src): buildah-1.34.1-150500.3.7.1 Containers Module 15-SP5 (src): buildah-1.34.1-150500.3.7.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1142-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1221677 CVE References: CVE-2024-1753 Maintenance Incident: [SUSE:Maintenance:33005](https://smelt.suse.de/incident/33005/) Sources used: SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): buildah-1.25.1-150100.3.23.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): buildah-1.25.1-150100.3.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): buildah-1.25.1-150100.3.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.