353 matches found
Insecure handling of image volumes in containerd CRI plugin
...
cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host
An incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster 0 will be applied to the host if an attacker can create a pod with a hostIPC and hostNetwork kernel namespace...
DEBIAN-CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...
UBUNTU-CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...
[SECURITY] Fedora 34 Update: containerd-1.6.0~rc.2-3.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Fedora: Security Advisory for containerd (FEDORA-2022-a0b2a4d594)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for containerd (FEDORA-2022-f668c3d70d)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CRI-O 安全漏洞
cri-o is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that can be exploited by an attacker to be able to create a pod with the hostIPC and hostNetwork kernel namespaces...
Why Security in Kubernetes Isn't the Same as in Linux: Part 2
Security for Kubernetes might not be quite the same as what you're used to. In our previous article, we covered why security is so important in both Linux on-premises servers and cloud Kubernetes clusters. We also talked about 3 major aspects of Linux server security — processes, network, and fil...
CVE-2021-23218
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...
CVE-2021-23218
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...
Denial of service
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...
CVE-2021-23218 Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...
CVE-2021-23218
CVE-2021-23218 affects Mirantis Container Runtime 20.10.8 when running in FIPS mode, where a memory leak during TLS handshakes can be exploited to cause a denial of service. The available documents confirm the impact but do not detail exploit vectors, affected subcomponents beyond TLS handshake m...
Mirantis Container Runtime 安全漏洞
Mirantis Container Runtime is an advanced runtime from Mirantis, Inc. It is used to efficiently run Swarm and Kubernetes containers on any substrate. A security vulnerability exists in Mirantis Container Runtime 20.10.8, which stems from a memory leak during the TLS handshake, which could be abus...
DEBIAN-CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
devices resource list treated as a blacklist by default
Impact Contrary to the OCI runtime specification, runc's implementation of the linux.resources.devices list was a black-list by default. This means that users who created their own config.json objects and didn't prefix a deny-all rule "allow": false, "permissions": "rwm" or equivalent were not...
GHSA-G54H-M393-CPWQ devices resource list treated as a blacklist by default
Impact Contrary to the OCI runtime specification, runc's implementation of the linux.resources.devices list was a black-list by default. This means that users who created their own config.json objects and didn't prefix a deny-all rule "allow": false, "permissions": "rwm" or equivalent were not...
DEBIAN-CVE-2021-43784
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...
[SECURITY] Fedora 35 Update: containerd-1.5.8-1.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...