Nixpkgs Security Tracker

Drafts

to create a Nixpkgs security record and open a GitHub issue for tracking resolution. This action will notify maintainers and package subscribers, and cannot be revoked.

to remove a suggestion from the queue.

CVE-2025-4953

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 2 months, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 3 months, 3 weeks ago
@LeSuisse removed
7 packages
- podman-tui
- podman-bootc
- podman-compose
- podman-desktop
- nomad-driver-podman
- python312Packages.podman
- python313Packages.podman
2 months, 1 week ago
@LeSuisse accepted as draft 2 months, 1 week ago

Podman: build context bind mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.

Affected products

runc

cri-o

rhcos

conmon

kernel

podman

skopeo

buildah

haproxy

ignition

cri-tools

kernel-rt

openshift

openshift-kuryr

openshift-ansible

openshift-clients

openshift4-aws-iso

container-tools:rhel8

containernetworking-plugins

container-tools:rhel8/podman

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

nixos-unstable -
- nixpkgs-unstable 5.6.1

Package maintainers: 2

@saschagrunert Sascha Grunert <mail@saschagrunert.de>
@vdemeester Vincent Demeester <vincent@sbr.pm>