INFSA-2025:20909: podman security update
Information about definition
Identificator: INFSA-2025:20909
Type: security
Release date: 2025-12-01 14:19:12 UTC
Information about package
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Vulnerabilities description
- CVE-2025-9566
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.
- CVE-2025-47907
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-47907
|
no information | 7.0 | no information |
|
NIST — CVE-2025-9566
|
no information | 8.1 | no information |
Updated packages
Preparing to download...