Oval Definition:oval:org.opensuse.security:def:201918466
Revision Date:2022-05-22Version:1
Title:CVE-2019-18466
Description:

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-18466
SUSE-CU-2020:198-1
SUSE-SU-2020:0697-1
openSUSE-SU-2020:0398-1
Mitre CVE-2019-18466
SUSE CVE-2019-18466
SUSE-CU-2020:198-1
SUSE-SU-2020:0697-1
openSUSE-SU-2020:0398-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Containers 15 SP1
SUSE Linux Enterprise Module for Public Cloud 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Containers 15 SP1 is installed
  • AND
  • cni-0.7.1-3.3 is installed
  • OR cni-plugins-0.8.4-3.3 is installed
  • OR conmon-2.0.10-3.3 is installed
  • OR fuse-overlayfs-0.7.6-3.6 is installed
  • OR podman-1.8.0-4.14 is installed
  • OR podman-cni-config-1.8.0-4.14 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
  • AND
  • cni-0.7.1-3.3 is installed
  • OR cni-plugins-0.8.4-3.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • cni-0.7.1-lp151.2.3.1 is installed
  • AND cni is signed with openSUSE key
  • OR
  • cni-plugins-0.8.4-lp151.2.3.1 is installed
  • AND cni-plugins is signed with openSUSE key
  • OR
  • conmon-2.0.10-lp151.2.1 is installed
  • AND conmon is signed with openSUSE key
  • OR
  • fuse-overlayfs-0.7.6-lp151.5.1 is installed
  • AND fuse-overlayfs is signed with openSUSE key
  • OR
  • podman-1.8.0-lp151.3.9.1 is installed
  • AND podman is signed with openSUSE key
  • OR
  • podman-cni-config-1.8.0-lp151.3.9.1 is installed
  • AND podman-cni-config is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Containers 15 SP1 is installed
  • AND
  • cni-0.7.1-3.3.1 is installed
  • OR cni-plugins-0.8.4-3.3.1 is installed
  • OR conmon-2.0.10-3.3.1 is installed
  • OR fuse-overlayfs-0.7.6-3.6.1 is installed
  • OR podman-1.8.0-4.14.1 is installed
  • OR podman-cni-config-1.8.0-4.14.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
  • AND
  • cni-0.7.1-3.3.1 is installed
  • OR cni-plugins-0.8.4-3.3.1 is installed
    • BACK