[manjaro-security] [ASA-202009-11] podman: information disclosure
foxboron at archlinux.org
Tue Sep 29 18:40:19 CEST 2020
Arch Linux Security Advisory ASA-202009-11
Date : 2020-09-26
CVE-ID : CVE-2020-14370
Package : podman
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-1233
The package podman before version 2.1.0-1 is vulnerable to information
Upgrade to 2.1.0-1.
# pacman -Syu "podman>=2.1.0-1"
The problem has been fixed upstream in version 2.1.0.
A flaw was discovered in Podman before upstream version 2.0.5. When
using the deprecated Varlink API or the Docker-compatible REST API, if
multiple containers are created in a short duration, the environment
variables from the first containers will get leaked into subsequent
containers. An attacker who has control over those subsequent
containers may get access to secrets shared with previous containers
through environment variables.
A local privileged user can potentially view secrets in environment
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the manjaro-security