Package: podman
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for podman.

CVE-2024-3056[0]:
| A flaw was found in Podman. This issue may allow an attacker to
| create a specially crafted container that, when configured to share
| the same IPC with at least one other container, can create a large
| number of IPC resources in /dev/shm. The malicious container will
| continue to exhaust resources until it is out-of-memory (OOM)
| killed. While the malicious container's cgroup will be removed, the
| IPC resources it created are not. Those resources are tied to the
| IPC namespace that will not be removed until all containers using it
| are stopped, and one non-malicious container is holding the
| namespace open. The malicious container is restarted, either
| automatically or by attacker control, repeating the process and
| increasing the amount of memory consumed. With a container
| configured to restart always, such as `podman run --restart=always`,
| this can result in a memory-based denial of service of the system.

https://bugzilla.redhat.com/show_bug.cgi?id=2270717

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-3056
    https://www.cve.org/CVERecord?id=CVE-2024-3056

Please adjust the affected versions in the BTS as needed.
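The description above hinges on two settings coexisting: a container joining another container's IPC namespace, and that container being restarted automatically. The audit script below is an added example (not part of the bug report or of Podman) that reads `podman inspect` JSON and lists containers matching both conditions; it assumes the Docker-compatible `HostConfig.IpcMode` / `HostConfig.RestartPolicy.Name` field layout, that `container:<ref>` refers to another container by full Id or Name, and uses a constructed sample as input.

```python
import json

# Constructed sample of `podman inspect <ctr...>` output (not taken from the
# report); only the fields this check reads are included.
SAMPLE_INSPECT = json.dumps([
    {"Id": "a1b2", "Name": "db",
     "HostConfig": {"IpcMode": "shareable",
                    "RestartPolicy": {"Name": "no", "MaximumRetryCount": 0}}},
    {"Id": "c3d4", "Name": "worker",
     "HostConfig": {"IpcMode": "container:a1b2",
                    "RestartPolicy": {"Name": "always", "MaximumRetryCount": 0}}},
    {"Id": "e5f6", "Name": "sidecar",
     "HostConfig": {"IpcMode": "container:db",
                    "RestartPolicy": {"Name": "no", "MaximumRetryCount": 0}}},
    {"Id": "0789", "Name": "lonely",
     "HostConfig": {"IpcMode": "private",
                    "RestartPolicy": {"Name": "always", "MaximumRetryCount": 0}}},
])


def ipc_groups(containers):
    """Group containers by the IPC namespace they share.

    Key = Id of the namespace owner. A container in mode "container:X" joins
    the namespace of container X, where X is assumed to be a full Id or a Name;
    every other mode counts as the container's own namespace.
    """
    by_ref = {}
    for c in containers:
        by_ref[c["Id"]] = c["Id"]
        by_ref[c["Name"]] = c["Id"]
    groups = {}
    for c in containers:
        mode = c["HostConfig"].get("IpcMode", "")
        if mode.startswith("container:"):
            owner = by_ref.get(mode.split(":", 1)[1], mode)
        else:
            owner = c["Id"]
        groups.setdefault(owner, []).append(c)
    return groups


def flag_risky(inspect_json):
    """Return (Name, restart policy) for containers that share an IPC namespace
    with at least one other container AND are restarted automatically, which is
    the combination the CVE-2024-3056 description relies on."""
    risky = []
    for members in ipc_groups(json.loads(inspect_json)).values():
        if len(members) < 2:
            continue
        for c in members:
            policy = c["HostConfig"].get("RestartPolicy", {}).get("Name", "no")
            if policy not in ("", "no"):  # always, on-failure, unless-stopped
                risky.append((c["Name"], policy))
    return sorted(risky)
```

On a real host, feed it `podman inspect $(podman ps -aq)` and review each flagged container's restart policy and IPC sharing partners.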