logo
DATABASE RESOURCES PRICING ABOUT US

Oracle Linux 8 : container-tools:3.0 (ELSA-2022-1793)

Description

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1793 advisory. - A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. (CVE-2022-27650) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related