
2674 matches found

RedHat Linux
added 2022/11/15 3:14 p.m. · 3 views

ignition: configs are accessible from unprivileged containers in VMs running on VMware products

A vulnerability was found in Ignition, where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets...

CVSS 6.5 · AI score 5.7 · EPSS 0.01148
Exploits: 0 · References: 4
RedHat Linux
added 2022/11/15 3:6 p.m. · 1 view

containers/storage: DoS via malicious image

A deadlock vulnerability was found in github.com/containers/storage. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar...

CVSS 7.1 · AI score 7.2 · EPSS 0.01587
Exploits: 1 · References: 5
RedHat Linux
added 2022/11/15 1:20 p.m. · 2 views

podman: Remote traffic to rootless containers is seen as originating from localhost

A flaw was found in podman. Rootless containers receive all traffic with a source IP address of 127.0.0.1, including from remote hosts, which impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication. The highest threat from this...

CVSS 5.9 · AI score 7.2 · EPSS 0.01105
Exploits: 1 · References: 4
RedHat Linux
added 2022/11/15 1:20 p.m. · 43 views

Moderate: Red Hat Security Advisory: podman security and bug fix update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 · AI score 7 · EPSS 0.07032
Exploits: 7 · References: 16
RedHat Linux
added 2022/11/15 1:20 p.m. · 2 views

containers/storage: DoS via malicious image

A deadlock vulnerability was found in github.com/containers/storage. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar...

CVSS 7.1 · AI score 7.2 · EPSS 0.01587
Exploits: 1 · References: 5
RedHat Linux
added 2022/11/15 12:38 p.m. · 1 view

containers/storage: DoS via malicious image

A deadlock vulnerability was found in github.com/containers/storage. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar...

CVSS 7.1 · AI score 7.2 · EPSS 0.01587
Exploits: 1 · References: 5
Oracle linux
added 2022/11/15 12:0 a.m. · 45 views

container-tools:4.0 security and bug fix update

buildah 1:1.24.5-2 - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 https://github.com/containers/buildah/commit/8cc4586 - Related: 2061390 1:1.24.5-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.24...

CVSS 7.8 · AI score 8.7 · EPSS 0.03931
Exploits: 1
OpenVAS
added 2022/11/15 12:0 a.m. · 6 views

SUSE: Security Advisory (SUSE-SU-2022:3969-1)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 · References: 2
AlmaLinux
added 2022/11/15 12:0 a.m. · 35 views

Low: podman security, bug fix, and enhancement update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible...

CVSS 7.1 · AI score 6.9 · EPSS 0.00331
Exploits: 2 · References: 6
OpenVAS
added 2022/11/11 12:0 a.m. · 5 views

Fedora: Security Advisory for apptainer (FEDORA-2022-60c0d28bbd)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 · References: 2
Fedora
added 2022/11/10 10:53 p.m. · 14 views

[SECURITY] Fedora 37 Update: apptainer-1.1.3-1.fc37

Apptainer provides functionality to make portable containers that can be used across host environments...

AI score 2.6
Exploits: 0
Positive Technologies
added 2022/11/09 12:0 a.m. · 4 views

PT-2022-24954 · Vela Ui +2 · Vela Ui +3

Name of the Vulnerable Software and Affected Versions: Vela Server versions prior to 0.16.0 Vela Worker versions prior to 0.16.0 Vela UI versions prior to 0.17.0 Description: The issue concerns default configurations in Vela that allow exploitation and container breakouts. Specifically, running...

CVSS 9.9 · AI score 8 · EPSS 0.01067
Exploits: 0 · References: 16
OSV
added 2022/11/08 4:25 p.m. · 2 views

SUSE-SU-2022:3919-1 Security update for kubevirt

This update rebuilds the kubevirt stack to include recent security updates in its base containers...

AI score 7.2
Exploits: 0 · References: 1
RedHat Linux
added 2022/11/08 11:35 a.m. · 172 views

Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.1 · AI score 6.7 · EPSS 0.00331
Exploits: 2 · References: 21
Rockylinux
added 2022/11/08 10:51 a.m. · 31 views

container-tools:rhel8 security, bug fix, and enhancement update

An update is available for runc, aardvark-dns, podman, oci-seccomp-bpf-hook, buildah, toolbox, slirp4netns, criu, cockpit-podman, fuse-overlayfs, container-selinux, conmon, libslirp, containernetworking-plugins, udica, containers-common, netavark, skopeo, crun, python-podman. This update affects...

CVSS 7.1 · AI score 6.9 · EPSS 0.00331
Exploits: 2
RedHat Linux
added 2022/11/08 9:27 a.m. · 1 view

opencontainers: OCI manifest and index parsing confusion

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. ...

CVSS 5 · AI score 7.1 · EPSS 0.02067
Exploits: 0 · References: 7
Trend Micro Simply Security
added 2022/11/07 12:0 a.m. · 12 views

Are Containers Affected by OpenSSL Vulnerabilities?

Find out if your container-based applications are vulnerable to the new OpenSSL vulnerabilities and the recommendations to help ensure you are protected...

AI score 3.1
Exploits: 0
Trellix
added 2022/11/01 12:0 a.m. · 148 views

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix, Charles McFarland, Sam Quinn · November 1, 2022 This story was also written by Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that were fix...

AI score 8.1 · EPSS 0.91153
Exploits: 7
IBM Security Bulletins
added 2022/10/28 9:48 a.m. · 46 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2022-37734)

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

CVSS 7.5 · AI score 7.7 · EPSS 0.02121
Exploits: 1 · Affected Software: 1
OSV
added 2022/10/25 7:54 p.m. · 24 views

GHSA-2C6M-6GQH-6QG3 Docker Command Escaping in the GitHub Actions Runner

Impact The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered that allows an input to escape the environment variable and modify th...

CVSS 8.8 · AI score 9.5 · EPSS 0.01474
Exploits: 0 · References: 5