====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN545
_____________________________________________________________________

DATE                : 28/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Podman versions prior to 2.0.5.

=====================================================================
https://podman.io/blogs/2020/09/22/security.html
_____________________________________________________________________

Podman Security Issue

Today, we’re releasing updates to fix CVE-2020-14370, a security issue
in Podman. This is a medium-severity information disclosure
vulnerability that affects containers created using Podman’s Varlink API
or the Docker-compatible version of its REST API. If two or more
containers are created using these APIs, and the first container had
environment variables added to it when it was created, all subsequent
containers created using the Varlink or Docker-compatible REST APIs will
also have these environment variables added. This effect does not
persist after restarting the Podman API service.

Podman v2.0.5 and higher contain a fix for the CVE. If you use either of
these APIs, please update to Podman v2.0.5 or later. We will also be
patching the long-term support v1.6.4 release used in RHEL and CentOS.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================