SUSE-SU-2026:20103-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-9566: kube play command may overwrite host files bsc1249154...

SUSE SLES15 Security Update : buildah (SUSE-SU-2025:4074-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4074-1 advisory. - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Other fixes: -...

SUSE-SU-2025:4076-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096...

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

...

Linux Kernel 2.6.32 Privilege Escalation

Source: http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ proc Handling of Already Opened Files: Subvert The Stack Base Address Randomization With Suid-Binaries Problem description: Latest ubuntu lucid stock kernel 2.6.32-27-generic contains a bug that allows to keep attached to...

An arbitrary file read vulnerability recorded-vulnerability warning-the black bar safety net

Black box testing Black-box testing found that an interface exist arbitrary file read vulnerability. ! "" The preferred determination is file read or file contains, because filegetcontent“/etc/passwd”include“/etc/passwd”black box view of the performance may be the same. And the file contains is c...

Docker Engine Arbitrary File Manipulation Vulnerability

Docker Engine is a set of lightweight runtime environments and package management tools from Docker, Inc. An arbitrary file manipulation vulnerability exists in versions of Docker Engine prior to 1.6.1, which allows local users to overwrite files in /proc by setting arbitrary Linux security modul...

CVE-2015-3631

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

Design/Logic Flaw

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

Linux Kernel 2.6.32 (Ubuntu 10.04) - proc Handling SUID Privilege Escalation

Linux Kernel 2.6.32 Ubuntu 10.04 - proc Handling SUID Privilege Escalation Source: http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ proc Handling of Already Opened Files: Subvert The Stack Base Address Randomization With Suid-Binaries Problem description: Latest ubuntu lucid sto...

CVE-1999-0401

CVE-1999-0401 describes a race condition in Linux kernel 2.2.1 that allows local users to read arbitrary memory from /proc files. The vulnerability arises from a race in the /proc handling in Linux 2.2.1, enabling partial/possible disclosure of memory contents to unprivileged local users. Affecte...