• Bug#1108473: podman: CVE-2025-6032

    From Moritz Mühlenhoff@21:1/5 to All on Sun Jun 29 14:10:01 2025
    Package: podman
    X-Debbugs-CC: [email protected]
    Severity: grave
    Tags: security

    Hi,

    The following vulnerability was published for podman.

    CVE-2025-6032[0]:
    | A flaw was found in Podman. The podman machine init command fails to
    | verify the TLS certificate when downloading the VM images from an
    | OCI registry. This issue results in a Man In The Middle attack.

    https://github.com/advisories/GHSA-65gg-3w2w-hr4h
    https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-6032
    https://www.cve.org/CVERecord?id=CVE-2025-6032

    Please adjust the affected versions in the BTS as needed.

  • From Debian Bug Tracking System@21:1/5 to All on Tue Jul 8 10:00:02 2025

    Your message dated Tue, 08 Jul 2025 07:52:06 +0000
    with message-id <[email protected]>
    and subject line Bug#1108473: fixed in podman 5.4.2+ds1-2
    has caused the Debian Bug report #1108473,
    regarding podman: CVE-2025-6032
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1108473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108473
    Debian Bug Tracking System
    Contact [email protected] with problems
