71 matches found
RHCOS 4 : OpenShift Container Platform 4.3.13 runc (RHSA-2020:1485)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1485 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 Note that Nessus has n...
RHCOS 4 : OpenShift Container Platform 4.1.38 (RHSA-2020:0695)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0695 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 Note that Nessus has n...
EUVD-2023-1117
Malicious code in bioql PyPI...
Important: runc
Issue Overview: A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this...
RHEL 7 : runc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - runc: Execution of malicious containers allows for container escape and access to host filesystem...
Advisory ROSA-SA-2024-2393
Software: runc 1.0.0 OS: rosa-server79 packageevrstring: runc-1.0.0.0-70.rc10.res7 CVE-ID: CVE-2019-19921 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: runc has improper access control leading to elevated privileges associated with libcontainer/rootfslinux.go. To exploit this, an attacker must be able t...
runc: volume mount race condition (regression of CVE-2019-19921)
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...
Moderate: Red Hat Security Advisory: runc security update
An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1650)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1650 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux...
BELL-CVE-2019-19921 CVE-2019-19921 does not affect BellSoft software
Bulletin has no description...
Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2023-6e6d9065e0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : golang-github-opencontainers-runc (2023-9edf2145fb)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9edf2145fb advisory. Add commit c0be1aa2d101dcd3074b5a0e486d58d3f9568d81 as a patch for github.com/containers/common ---- Security fix for CVE-2023-27561 Update to 1.1.8...
Fedora 38 : golang-github-opencontainers-runc (2023-6e6d9065e0)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6e6d9065e0 advisory. Add commit c0be1aa2d101dcd3074b5a0e486d58d3f9568d81 as a patch for github.com/containers/common ---- Security fix for CVE-2023-27561 Update to 1.1.8...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2023-2352)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploi...
Amazon Linux 2 : runc (ALASDOCKER-2023-025)
The version of runc installed on the remote host is prior to 1.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2023-025 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was...
Ubuntu: Security Advisory (USN-6088-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
EulerOS 2.0 SP10 : docker-runc (EulerOS-SA-2023-1800)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this...
SUSE: Security Advisory (SUSE-SU-2023:2003-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : runc (2023-1ba499965f)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ba499965f advisory. Security fix for CVE-2023-27561 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...