Astra Linux - уязвимость в runc-app

Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, an attacker can trick runc into binding /dev/pts/$n to /dev/console. Normally, these paths are made read-onl...

RHCOS 4 : OpenShift Container Platform 4.14.48 (RHSA-2025:1453)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1453 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...

RHCOS 4 : OpenShift Container Platform 4.16.37 (RHSA-2025:1910)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1910 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...

RHCOS 4 : OpenShift Container Platform 4.17.19 (RHSA-2025:1914)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1914 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...

RHCOS 4 : OpenShift Container Platform 4.15.46 (RHSA-2025:1713)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1713 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...

Astra Linux - уязвимость в linux

A use-after-free flaw was discovered in cgroup1parseparam in kernel/cgroup/cgroup-v1.c within the Linux kernel’s cgroup v1 parser. A local attacker with user privileges could exploit the fsconfig syscall parameter to escalate privileges, resulting in a container breakout and a denial of service o...

SUSE-SU-2026:21291-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an...

EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2026-1603)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...

EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2026-1575)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...

SUSE-SU-2026:20626-1 Security update for podman

This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...

SUSE-SU-2026:20641-1 Security update for podman

This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...

Security update for alloy (important)

openSUSE security update: security update for alloy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20140-1 Rating: important References: bsc1255074 bsc1255333 Cross-References: CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 CVE-2025-68156 CVSS scores...

EulerOS 2.0 SP13 : docker-runc (EulerOS-SA-2026-1208)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...

OPENSUSE-SU-2026:20140-1 Security update for alloy

This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...

SUSE-SU-2026:20214-1 Security update for alloy

This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...

SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:0327-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0327-1 advisory. Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via...

SUSE-SU-2026:0327-1 Security update for alloy

This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...

SUSE SLES16 Security Update : podman (SUSE-SU-2026:20103-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20103-1 advisory. - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /pro...

SUSE-SU-2026:20123-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out of bounds read bsc1254054 - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an...

OPENSUSE-SU-2026:20072-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-9566: kube play command may overwrite host files bsc1249154...