1. Home
  2. Security Advisories
  3. Fedora
  4. FEDORA-2024-a267e93f8c

[FEDORA-2024-a267e93f8c] Fedora 40: containers-common, netavark, podman

Severity High
Affected Packages 3
CVEs 1
Info Packages References Vulnerabilities

Security fix for CVE-2024-1753
Automatic update for podman-5.0.0-1.fc40.
Changelog for podman
* Tue Mar 19 2024 Packit <hello(a)packit.dev> - 5:5.0.0-1
- [packit] 5.0.0 upstream release
* Fri Mar 15 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc7-1
- [packit] 5.0.0-rc7 upstream release
* Wed Mar 13 2024 Lokesh Mandvekar <lsm5(a)redhat.com> - 5:5.0.0~rc6-2
- Resolves: #2269148 - make passt a hard dep
* Mon Mar 11 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc6-1
- [packit] 5.0.0-rc6 upstream release
* Fri Mar 08 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc5-1
- [packit] 5.0.0-rc5 upstream release
* Tue Mar 05 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc4-1
- [packit] 5.0.0-rc4 upstream release
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-5
- Show the toolbox RPMs used to run the tests
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-4
- Avoid running out of storage space when running the Toolbx tests
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-3
- Silence warnings about deprecated grep(1) use in test logs
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-2
- Update how Toolbx is spelt
* Thu Feb 22 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc3-1
- [packit] 5.0.0-rc3 upstream release
Automatic update for podman-5.0.0~rc7-1.fc40.
Changelog for podman
* Fri Mar 15 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc7-1
- [packit] 5.0.0-rc7 upstream release
* Wed Mar 13 2024 Lokesh Mandvekar <lsm5(a)redhat.com> - 5:5.0.0~rc6-2
- Resolves: #2269148 - make passt a hard dep
* Mon Mar 11 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc6-1
- [packit] 5.0.0-rc6 upstream release
* Fri Mar 08 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc5-1
- [packit] 5.0.0-rc5 upstream release
* Tue Mar 05 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc4-1
- [packit] 5.0.0-rc4 upstream release
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-5
- Show the toolbox RPMs used to run the tests
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-4
- Avoid running out of storage space when running the Toolbx tests
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-3
- Silence warnings about deprecated grep(1) use in test logs
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-2
- Update how Toolbx is spelt
* Thu Feb 22 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc3-1
- [packit] 5.0.0-rc3 upstream release
make passt and netavark hard dependencies for podman
Automatic update for podman-5.0.0~rc6-1.fc40.
Changelog for podman
* Mon Mar 11 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc6-1
- [packit] 5.0.0-rc6 upstream release
* Fri Mar 08 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc5-1
- [packit] 5.0.0-rc5 upstream release
* Tue Mar 05 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc4-1
- [packit] 5.0.0-rc4 upstream release
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-5
- Show the toolbox RPMs used to run the tests
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-4
- Avoid running out of storage space when running the Toolbx tests
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-3
- Silence warnings about deprecated grep(1) use in test logs
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-2
- Update how Toolbx is spelt
* Thu Feb 22 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc3-1
- [packit] 5.0.0-rc3 upstream release
Automatic update for podman-5.0.0~rc5-1.fc40.
Changelog for podman
* Fri Mar 08 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc5-1
- [packit] 5.0.0-rc5 upstream release
* Tue Mar 05 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc4-1
- [packit] 5.0.0-rc4 upstream release
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-5
- Show the toolbox RPMs used to run the tests
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-4
- Avoid running out of storage space when running the Toolbx tests
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-3
- Silence warnings about deprecated grep(1) use in test logs
* Fri Mar 01 2024 Debarshi Ray <rishi(a)fedoraproject.org> - 5:5.0.0~rc3-2
- Update how Toolbx is spelt
* Thu Feb 22 2024 Packit <hello(a)packit.dev> - 5:5.0.0~rc3-1
- [packit] 5.0.0-rc3 upstream release
Automatic update for podman-5.0.0~rc4-1.fc40.
Automatic update for podman-5.0.0~rc3-1.fc40.
Removing podman 5.0.0-rc6 build to let the rest of this get past gating. We
already have v5.0.0 bodhi for f40.

Package Affected Version
pkg:rpm/fedora/podman?distro=fedora-40 < 5.0.0.1.fc40
pkg:rpm/fedora/netavark?distro=fedora-40 < 1.10.3.3.fc40
pkg:rpm/fedora/containers-common?distro=fedora-40 < 0.58.0.2.fc40
ID
FEDORA-2024-a267e93f8c
Severity
high
Severity from
CVE-2024-1753
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2024-a267e93f8c
Published
2024-03-27T00:15:37
(5 months ago)
Modified
2024-03-27T00:15:37
(5 months ago)
Rights
Copyright 2024 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 2265513 Bug #2265513 - CVE-2024-1753 buildah: full container escape at build time https://bugzilla.redhat.com/show_bug.cgi?id=2265513
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/podman?distro=fedora-40 fedora podman < 5.0.0.1.fc40 fedora-40
Affected pkg:rpm/fedora/netavark?distro=fedora-40 fedora netavark < 1.10.3.3.fc40 fedora-40
Affected pkg:rpm/fedora/containers-common?distro=fedora-40 fedora containers-common < 0.58.0.2.fc40 fedora-40
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date