2674 matches found

AlmaLinux
added 2023/05/09 12:0 a.m. · 63 views

Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

CVSS 5.3 · AI score 7.8 · EPSS 0.05623
Exploits: 1 · References: 6

RedHat Linux
added 2023/05/04 1:50 a.m. · 31 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.8 · AI score 6.7 · EPSS 0.01231
Exploits: 1 · References: 4

OSV
added 2023/04/27 8:15 p.m. · 4 views

CVE-2022-37326

Docker Desktop for Windows before 4.6.0 allows attackers to delete or create any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation...

CVSS 7.8 · AI score 5.8
Exploits: 0 · References: 2

Prion
added 2023/04/27 8:15 p.m. · 13 views

Privilege escalation

Docker Desktop for Windows before 4.6.0 allows attackers to delete or create any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation...

CVSS 4.3 · AI score 7.6 · EPSS 0.00295
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/04/27 12:0 a.m. · 4 views

PT-2023-13527 · Docker · Docker Desktop For Windows

Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue allows attackers to delete or create any file through the "dockerBackendV2 windowscontainers/start" API endpoint by controlling the pidfile field inside the DaemonJSON...

CVSS 7.8 · AI score 6.9 · EPSS 0.00295
Exploits: 0 · References: 6

UbuntuCve
added 2023/04/25 9:15 p.m. · 35 views

CVE-2023-30549

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer 1.1.0 and installations that include apptainer-suid 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterpri...

CVSS 7.8 · AI score 7 · EPSS 0.00369
Exploits: 0 · References: 8

RedhatCVE
added 2023/04/21 10:56 p.m. · 28 views

CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...

CVSS 6 · AI score 6.2 · EPSS 0.0048
Exploits: 0 · References: 4

Fedora
added 2023/04/21 2:9 a.m. · 45 views

[SECURITY] Fedora 38 Update: runc-1.1.6-1.fc38

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

CVSS 7 · AI score 7.2 · EPSS 0.00457
Exploits: 1

CNNVD
added 2023/04/21 12:0 a.m. · 3 views

barbican security vulnerability

barbican is an OpenStack key management service, API server. A security vulnerability exists in barbican that stems from a container isolation flaw in Red Hat OpenStack that allows an attacker to have limited authentication and access to the Barbican container, potentially allowing access to othe...

CVSS 6 · AI score 5.7 · EPSS 0.0048
Exploits: 0 · References: 4

OpenVAS
added 2023/04/16 12:0 a.m. · 7 views

Fedora: Security Advisory for podman (FEDORA-2023-c6f82ee005)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 2

OSV
added 2023/04/11 2:15 p.m. · 7 views

AZL-34823 CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-2

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS)...

CVSS 7.5 · AI score 7.1 · EPSS 0.01111
Exploits: 1 · References: 1

OSV
added 2023/04/11 2:15 p.m. · 5 views

AZL-26730 CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-1

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS)...

CVSS 7.5 · AI score 7.1 · EPSS 0.01111
Exploits: 1 · References: 1

Rockylinux
added 2023/04/06 3:53 p.m. · 13 views

containers-common bug fix and enhancement update

An update is available for containers-common. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The containers-common package contains common configuration files a...

AI score 6.7
Exploits: 0

Positive Technologies
added 2023/04/05 12:0 a.m. · 4 views

PT-2023-3282 · Glpi +1 · Fields +1

Name of the Vulnerable Software and Affected Versions: Fields versions prior to 1.13.1 Fields versions prior to 1.20.4 Description: The issue is related to a lack of access control check in the Fields plugin for GLPI, allowing any authenticated user to write data to any fields container, includin...

CVSS 10 · AI score 5.8 · EPSS 0.00766
Exploits: 0 · References: 32

CVE
added 2023/03/29 6:22 p.m. · 405 views

CVE-2023-25809

CVE-2023-25809 affects runc (rootless and certain host configurations) where rootless runc can make /sys/fs/cgroup writable under two conditions: 1) inside a user namespace without unsharing cgroup namespace (e.g., docker/podman/nerdctl run --cgroupns=host), or 2) outside the user namespace with ...

CVSS 6.3 · AI score 6.6 · EPSS 0.00327
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2023/03/29 6:15 p.m. · 402 views

CVE-2023-28642

Summary (concrete details): The CVE-2023-28642 issue affects the container runtime components, notably the runC tool. The root cause is an AppArmor bypass when a container’s /proc is symlinked under a specific mount configuration, enabling an attacker with local access to bypass confinement. The ...

CVSS 7.8 · AI score 7.5 · EPSS 0.00343
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/03/29 6:15 p.m. · 36 views

CVE-2023-28642 AppArmor bypass with symlinked /proc in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...

CVSS 6.1 · AI score 6.7 · EPSS 0.00343
Exploits: 0 · References: 5

Debian CVE
added 2023/03/29 6:15 p.m. · 30 views

CVE-2023-28642

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...

CVSS 7.8 · AI score 7 · EPSS 0.00343
Exploits: 0

UbuntuCve
added 2023/03/29 12:0 a.m. · 75 views

CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

CVSS 6.3 · AI score 6.8 · EPSS 0.00327
Exploits: 1 · References: 5

OSV
added 2023/03/28 3:15 p.m. · 3 views

AZL-27241 CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

CVSS 5.3 · AI score 6.6 · EPSS 0.01583
Exploits: 0 · References: 1