SUSE update for podman



Published: 2023-02-09
Risk: High
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2021-20199, CVE-2021-20206, CVE-2021-4024, CVE-2021-41190, CVE-2022-21698, CVE-2022-27191, CVE-2022-27649, CVE-2022-2989
CWE-ID: CWE-346, CWE-424, CWE-200, CWE-843, CWE-20, CWE-327, CWE-264, CWE-863
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
SUSE Linux Enterprise Server for SAP
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system

openSUSE Leap Micro
Operating systems & Components / Operating system

SUSE Enterprise Storage
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

podman-cni-config
Operating systems & Components / Operating system package or component

podman-debuginfo
Operating systems & Components / Operating system package or component

podman
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Origin validation error

EUVDB-ID: #VU50275

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20199

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to missing authentication when connecting from all sources. A remote attacker can send a specially crafted request and bypass access restrictions to containerized applications.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP3

SUSE Linux Enterprise Server: 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP3-ESPOS - 15-SP3-LTSS

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

podman-cni-config: before 4.3.1-150300.9.15.1

podman-debuginfo: before 4.3.1-150300.9.15.1

podman: before 4.3.1-150300.9.15.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Protection of Alternate Path

EUVDB-ID: #VU55590

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20206

CWE-ID: CWE-424 - Improper Protection of Alternate Path

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to improper input validation. When specifying the plugin to load in the 'type' field of the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows a remote user to execute existing binaries other than the CNI plugins/types, such as 'reboot'.
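A defensive check for the condition described above, written as an added example (not code from this bulletin, podman or the CNI project): it parses a CNI network configuration and reports every plugin `type` value that is not a bare file name. The sample configuration, the `SuspiciousTypes` function and the allow-list pattern are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Constructed sample: the second plugin's "type" uses "../" to escape the
// plugin directory, the pattern described for CVE-2021-20206.
const sampleConflist = `{"cniVersion": "0.4.0", "name": "demo-net", "plugins": [
  {"type": "bridge", "bridge": "cni-podman0"},
  {"type": "../../../sbin/reboot"},
  {"type": "portmap"}]}`

// Allow-list for a bare plugin file name (an assumption of this example).
var bareName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]*$`)

type netConf struct {
	Type    string `json:"type"` // single-plugin .conf form
	Plugins []struct {
		Type string `json:"type"`
	} `json:"plugins"` // .conflist form
}

// SuspiciousTypes returns each "type" that is empty, ".", ".." or has a path separator.
func SuspiciousTypes(raw []byte) ([]string, error) {
	var c netConf
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("parse CNI config: %w", err)
	}
	var bad []string
	check := func(t string) {
		if !bareName.MatchString(t) {
			bad = append(bad, t)
		}
	}
	if len(c.Plugins) == 0 {
		check(c.Type)
	}
	for _, p := range c.Plugins {
		check(p.Type)
	}
	return bad, nil
}

func main() {
	fmt.Println(SuspiciousTypes([]byte(sampleConflist)))
}
```

Run against each network configuration file on a host, a non-empty result marks a file to review before the package update is applied.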

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP3

SUSE Linux Enterprise Server: 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP3-ESPOS - 15-SP3-LTSS

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

podman-cni-config: before 4.3.1-150300.9.15.1

podman-debuginfo: before 4.3.1-150300.9.15.1

podman: before 4.3.1-150300.9.15.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU58668

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4024

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the "podman machine" function. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP3

SUSE Linux Enterprise Server: 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP3-ESPOS - 15-SP3-LTSS

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

podman-cni-config: before 4.3.1-150300.9.15.1

podman-debuginfo: before 4.3.1-150300.9.15.1

podman: before 4.3.1-150300.9.15.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Type Confusion

EUVDB-ID: #VU58229

Risk: Low

CVSSv3.1: 2.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-41190

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to a type confusion error. A remote authenticated attacker can pass specially crafted data to the application, trigger a type confusion error and interpret the resulting content differently.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP3

SUSE Linux Enterprise Server: 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP3-ESPOS - 15-SP3-LTSS

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

podman-cni-config: before 4.3.1-150300.9.15.1

podman-debuginfo: before 4.3.1-150300.9.15.1

podman: before 4.3.1-150300.9.15.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU61599

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21698

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP3

SUSE Linux Enterprise Server: 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP3-ESPOS - 15-SP3-LTSS

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

podman-cni-config: before 4.3.1-150300.9.15.1

podman-debuginfo: before 4.3.1-150300.9.15.1

podman: before 4.3.1-150300.9.15.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU62039

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27191

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in the Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP3

SUSE Linux Enterprise Server: 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP3-ESPOS - 15-SP3-LTSS

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

podman-cni-config: before 4.3.1-150300.9.15.1

podman-debuginfo: before 4.3.1-150300.9.15.1

podman: before 4.3.1-150300.9.15.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61829

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27649

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to an excessive set of inheritable capabilities, which leads to a bypass of security restrictions and privilege escalation.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP3

SUSE Linux Enterprise Server: 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP3-ESPOS - 15-SP3-LTSS

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

podman-cni-config: before 4.3.1-150300.9.15.1

podman-debuginfo: before 4.3.1-150300.9.15.1

podman: before 4.3.1-150300.9.15.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Incorrect authorization

EUVDB-ID: #VU69290

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2989

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect handling of supplementary groups in the Podman container engine. A local user with direct access to the affected container where supplementary groups are used can set access permissions and execute binary code in that container.

Mitigation

Update the affected package podman to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP3

SUSE Linux Enterprise Server: 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP3-ESPOS - 15-SP3-LTSS

openSUSE Leap Micro: 5.2

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

podman-cni-config: before 4.3.1-150300.9.15.1

podman-debuginfo: before 4.3.1-150300.9.15.1

podman: before 4.3.1-150300.9.15.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


