RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2020:2218)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2218 advisory. - containers/image: Container images read entire image manifest into memory CVE-2020-1702 Note that Nessus has not tested for this issue but...

MiracleLinux 7 : podman-1.6.4-16.el7 (AXSA:2020-058:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-058:01 advisory. podman: resolving symlink in host filesystem leads to unexpected results of copy operation CVE-2019-18466 containers/image: Container images read...

MiracleLinux 7 : skopeo-0.1.40-11.0.1.el7.AXS7 (AXSA:2020-198:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-198:02 advisory. containers/image: Container images read entire image manifest into memory CVE-2020-1702 Tenable has extracted the preceding description block directly from th...

Linux Distros Unpatched Vulnerability : CVE-2020-1702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using...

CentOS 7 : podman (RHSA-2020:1227)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1227 advisory. - An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the...

CentOS 7 : skopeo (RHSA-2020:2681)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2681 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using...

RHEL 8 : 1.0_podman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - containers/image: Container images read entire image manifest into memory CVE-2020-1702 Note that Nessus has not...

Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1650)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1650 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux...

CVE-2020-1702

CVE-2020-1702 : A malicious container image can cause unbounded memory usage when pulled by a container runtime (containers-image) on hosts like RHEL with podman or OpenShift. This affects containers-image versions before 5.2.0; remediation is upgrading to 5.2.0 or later (no exploit details provi...

container-tools:2.0 security update

buildah 1.11.6-8.0.1 - Reduce unnecessary writable mounts in NaiveDiffDriver Orabug: 31025483 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-8 - exclude i686 arch - Related: 1821193 1.11.6-7 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file...

CentOS 8 : container-tools:rhel8 (CESA-2020:1650)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1650 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 - containers/image: Container...

Low: Red Hat Security Advisory: skopeo security and bug fix update

An update for skopeo is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2218)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2218 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

Low: Red Hat Security Advisory: OpenShift Container Platform 3.11 security update

Red Hat OpenShift Container Platform release 3.11.219 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which...

Important: Red Hat Security Advisory: buildah security and bug fix update

An update for buildah is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 7 / 8 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1937 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.4.3 cri-o security update

An update for cri-o is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RLSA-2020:1650 Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 containers/image: Container images read entire ima...

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 containers/image: Container images read entire ima...