349 matches found
[SECURITY] Fedora 36 Update: containerd-1.6.2-2.fc36
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 36 Update: containerd-1.6.2-1.fc36
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 34 Update: containerd-1.6.2-3.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1482)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1501)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2022-18549 · Cri-O +2 · Cri-O +2
Name of the Vulnerable Software and Affected Versions: cri-o versions prior to v1.24.0 Description: A flaw was found in cri-o where containers were incorrectly started with non-empty default permissions, allowing an attacker with access to programs with inheritable file capabilities to elevate...
[SECURITY] Fedora 34 Update: containerd-1.6.2-2.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
crun 安全漏洞
crun is an OCI Open Container Initiative container runtime library written in C. The vulnerability is caused by a vulnerability in a product that incorrectly starts containers with non-empty default privileges. A security vulnerability exists in crun that stems from an affected product incorrectl...
[SECURITY] Fedora 36 Update: containerd-1.6.1-1.fc36
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...
[SECURITY] Fedora 35 Update: containerd-1.6.1-1.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 34 Update: containerd-1.6.1-1.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives,...
cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host
An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster 0 will be applied to the host if an attacker can create a pod with a hostIPC and hostNetwork kernel namespace...
cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host
An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster 0 will be applied to the host if an attacker can create a pod with a hostIPC and hostNetwork kernel namespace...
PT-2022-6526 · Mirantis +7 · Mirantis Container Runtime +7
Name of the Vulnerable Software and Affected Versions: Moby versions prior to 23.0.3 Moby versions prior to 20.10.24 Mirantis Container Runtime versions prior to 20.10.16 Description: The issue is related to the use of an unsecured alternative channel in the Swarm Mode of the Moby daemon componen...
Insecure handling of image volumes in containerd CRI plugin
...
cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host
An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster 0 will be applied to the host if an attacker can create a pod with a hostIPC and hostNetwork kernel namespace...
DEBIAN-CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...
UBUNTU-CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...