Untriaged
Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
Affected products
rhcos
- *
podman
- *
buildah
- <1.35.5
- <1.38.1
- <1.33.12
- <1.37.6
- *
container-tools:rhel8
- *
container-tools:rhel8/podman
container-tools:rhel8/buildah
Matching in nixpkgs
pkgs.podman
Program for managing pods, containers and container images
-
nixos-unstable -
- nixpkgs-unstable 5.6.1
pkgs.podman-tui
Podman Terminal UI
-
nixos-unstable -
- nixpkgs-unstable 1.8.0
pkgs.podman-bootc
Streamlining podman+bootc interactions
-
nixos-unstable -
- nixpkgs-unstable 0.1.2
pkgs.podman-compose
Implementation of docker-compose with podman backend
-
nixos-unstable -
- nixpkgs-unstable 1.5.0
pkgs.podman-desktop
Graphical tool for developing on containers and Kubernetes
-
nixos-unstable -
- nixpkgs-unstable 1.21.0
pkgs.buildah-unwrapped
Tool which facilitates building OCI images
-
nixos-unstable -
- nixpkgs-unstable 1.41.4
pkgs.nomad-driver-podman
Podman task driver for Nomad
-
nixos-unstable -
- nixpkgs-unstable 0.6.3
pkgs.python312Packages.podman
Python bindings for Podman's RESTful API
-
nixos-unstable -
- nixpkgs-unstable 5.6.0
pkgs.python313Packages.podman
Python bindings for Podman's RESTful API
-
nixos-unstable -
- nixpkgs-unstable 5.6.0
Package maintainers
-
@vdemeester Vincent Demeester <vincent@sbr.pm>
-
@saschagrunert Sascha Grunert <mail@saschagrunert.de>
-
@cpcloud Phillip Cloud
-
@evan-goode Evan Goode <mail@evangoo.de>
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
-
@aaronjheng Aaron Jheng <wentworth@outlook.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>