Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2022-7469.NASLHistoryNov 15, 2022 - 12:00 a.m.
Oracle Linux 8 : container-tools:4.0 (ELSA-2022-7469)
2022-11-1500:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7469 advisory.
-
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. (CVE-2022-27191)
-
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where
runc exec --capcreated processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container’s bounding set. This bug has been fixed in runc 1.1.2. This fix changesrunc exec --capbehavior such that the additional capabilities granted to the process being executed (as specified via--caparguments) do not include inheritable capabilities. In addition,runc specis changed to not set any inheritable capabilities in the created example OCI spec (config.json) file. (CVE-2022-29162) -
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. (CVE-2022-1708)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2022-7469.
##
include('compat.inc');
if (description)
{
script_id(167561);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/03");
script_cve_id("CVE-2022-1708", "CVE-2022-27191", "CVE-2022-29162");
script_name(english:"Oracle Linux 8 : container-tools:4.0 (ELSA-2022-7469)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2022-7469 advisory.
- The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to
crash a server in certain circumstances involving AddHostKey. (CVE-2022-27191)
- runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug
was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty
inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with
inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This
bug did not affect the container security sandbox as the inheritable set never contained more capabilities
than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix
changes `runc exec --cap` behavior such that the additional capabilities granted to the process being
executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc
spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`)
file. (CVE-2022-29162)
- A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with
access to the Kube API. The ExecSync request runs commands in a container and logs the output of the
command. This output is then read by CRI-O after command execution, and it is read in a manner where the
entire file corresponding to the output of the command is read in. Thus, if the output of the command is
large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of
the command. The highest threat from this vulnerability is system availability. (CVE-2022-1708)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2022-7469.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29162");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/18");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:aardvark-dns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:buildah");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:buildah-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cockpit-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:conmon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:container-selinux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:containernetworking-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:containers-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:crit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:criu-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:criu-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:crun");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:fuse-overlayfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libslirp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libslirp-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:netavark");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:oci-seccomp-bpf-hook");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-catatonit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-docker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-gvproxy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-remote");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:runc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:skopeo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:skopeo-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:slirp4netns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:udica");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var module_ver = get_kb_item('Host/RedHat/appstream/container-tools');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:4.0');
if ('4.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);
var appstreams = {
'container-tools:4.0': [
{'reference':'aardvark-dns-1.0.1-35.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'aardvark-dns-1.0.1-35.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'buildah-1.24.5-2.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'buildah-1.24.5-2.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'buildah-tests-1.24.5-2.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'buildah-tests-1.24.5-2.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'cockpit-podman-46-1.module+el8.7.0+20872+81cbf159', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'conmon-2.1.4-1.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'conmon-2.1.4-1.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'container-selinux-2.189.0-1.module+el8.7.0+20872+81cbf159', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'containernetworking-plugins-1.1.1-2.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'containernetworking-plugins-1.1.1-2.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'containers-common-1-35.0.1.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'containers-common-1-35.0.1.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'crit-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crit-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-devel-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-devel-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-libs-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-libs-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-1.5-1.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-1.5-1.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-1.9-1.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-1.9-1.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-4.4.0-1.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-4.4.0-1.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-devel-4.4.0-1.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-devel-4.4.0-1.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'netavark-1.0.1-35.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'netavark-1.0.1-35.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'oci-seccomp-bpf-hook-1.2.5-1.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-1.2.5-1.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-catatonit-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-catatonit-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-docker-4.0.2-8.module+el8.7.0+20872+81cbf159', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-gvproxy-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-gvproxy-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-plugins-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-plugins-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-remote-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-remote-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-tests-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'podman-tests-4.0.2-8.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'python3-criu-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-criu-3.15-3.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-podman-4.0.0-1.module+el8.7.0+20872+81cbf159', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.1.4-1.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'runc-1.1.4-1.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-1.6.2-5.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'skopeo-1.6.2-5.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'skopeo-tests-1.6.2-5.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'skopeo-tests-1.6.2-5.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'slirp4netns-1.1.8-2.module+el8.7.0+20872+81cbf159', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-1.1.8-2.module+el8.7.0+20872+81cbf159', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'udica-0.2.6-3.module+el8.7.0+20872+81cbf159', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:4.0');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aardvark-dns / buildah / buildah-tests / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | podman | p-cpe:/a:oracle:linux:podman |
| oracle | linux | podman-catatonit | p-cpe:/a:oracle:linux:podman-catatonit |
| oracle | linux | podman-docker | p-cpe:/a:oracle:linux:podman-docker |
| oracle | linux | podman-gvproxy | p-cpe:/a:oracle:linux:podman-gvproxy |
| oracle | linux | podman-plugins | p-cpe:/a:oracle:linux:podman-plugins |
| oracle | linux | podman-remote | p-cpe:/a:oracle:linux:podman-remote |
| oracle | linux | podman-tests | p-cpe:/a:oracle:linux:podman-tests |
| oracle | linux | python3-criu | p-cpe:/a:oracle:linux:python3-criu |
| oracle | linux | python3-podman | p-cpe:/a:oracle:linux:python3-podman |
| oracle | linux | runc | p-cpe:/a:oracle:linux:runc |
Related
nessus
nessus
Rocky Linux 8 : container-tools:4.0 (RLSA-2022:7469)
2022-11-17 00:00:00
RHEL 8 : container-tools:4.0 (RHSA-2022:7469)
2022-11-08 00:00:00
CentOS 8 : container-tools:4.0 (CESA-2022:7469)
2022-11-09 00:00:00
oraclelinux
oraclelinux
container-tools:4.0 security and bug fix update
2022-11-15 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2022-11-15 00:00:00
runc security update
2022-11-22 00:00:00
rocky
rocky
container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
runc security update
2022-11-15 06:15:20
osv
osv
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 00:00:00
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
redhat
redhat
(RHSA-2022:7469) Moderate: container-tools:4.0 security and bug fix update
2022-11-08 06:20:20
(RHSA-2022:7457) Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
(RHSA-2022:8090) Low: runc security update
2022-11-15 06:15:20
almalinux
almalinux
Moderate: container-tools:4.0 security and bug fix update
2022-11-08 00:00:00
Low: runc security update
2022-11-15 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: runc-1.1.2-3.fc36
2022-07-31 01:37:21
[SECURITY] Fedora 35 Update: golang-github-opencontainers-runc-1.1.2-1.fc35
2022-05-30 05:34:55
[SECURITY] Fedora 34 Update: golang-github-opencontainers-runc-1.1.2-1.fc34
2022-05-30 05:57:15
veracode
veracode
Privilege Escalation
2022-05-16 13:23:56
Denial Of Service (DoS)
2022-06-07 10:20:53
Denial Of Service (DoS)
2022-04-14 18:23:16
cgr
cgr
CVE-2022-29162 vulnerabilities
2024-04-18 21:07:33
altlinux
altlinux
Security fix for the ALT Linux 10 package runc version 1.1.2-alt1
2022-05-12 00:00:00
Security fix for the ALT Linux 10 package cri-o version 1.24.3-alt1
2022-11-24 00:00:00
cve
cve
CVE-2022-29162
2022-05-17 21:15:00
CVE-2022-1708
2022-06-07 18:15:00
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2022-29162 affecting package moby-runc 1.1.0+azure-6
2022-07-14 21:00:02
CVE-2022-29162 affecting package moby-runc 1.1.0-1
2022-06-26 03:29:33
CVE-2022-1708 affecting package cri-o 1.21.2-19
2024-04-12 05:06:27
debiancve
debiancve
CVE-2022-29162
2022-05-17 21:15:00
CVE-2022-27191
2022-03-18 07:15:00
github
github
Default inheritable capabilities for linux container should be empty
2022-05-24 17:36:56
Node DOS by way of memory exhaustion through ExecSync request in CRI-O
2022-06-06 21:50:21
golang.org/x/crypto/ssh Denial of service via crafted Signer
2022-03-19 00:01:02
redhatcve
redhatcve
ubuntucve
ubuntucve
CVE-2022-29162
2022-05-17 00:00:00
prion
prion
Design/Logic Flaw
2022-05-17 21:15:00
Command injection
2022-06-07 18:15:00
Code injection
2022-03-18 07:15:00
mageia
mageia
Updated opencontainers-runc packages fix security vulnerability
2022-05-21 11:50:18
Updated cri-o packages fix security vulnerability
2023-07-27 01:07:49
alpinelinux
alpinelinux
CVE-2022-29162
2022-05-17 21:15:00
CVE-2022-27191
2022-03-18 07:15:00
wolfi
wolfi
CVE-2022-29162 vulnerabilities
2024-04-18 21:05:58
redos
redos
ROS-20220620-01
2022-06-20 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0405
2022-06-14 00:00:00
Important Photon OS Security Update - PHSA-2022-0529
2022-10-19 00:00:00
gitlab
gitlab
Use of a Broken or Risky Cryptographic Algorithm
2022-03-19 00:00:00
Related for ORACLELINUX_ELSA-2022-7469.NASL