2673 matches found

OSV
added 2022/09/21 3:6 p.m. | 40 views

GO-2022-1008 Unauthorized file access in github.com/containers/buildah

SGID programs executed in a container can access files that have negative group permissions for the user's primary group. Consider a file which is owned by user u1 and group g1, permits user and other read access, and does NOT permit group read access. This file is readable by u1 and all other...

CVSS 7.8 | AI score 6.3 | EPSS 0.00807
Exploits: 4 | References: 2

Tenable Nessus
added 2022/09/21 12:0 a.m. | 36 views

SUSE SLES15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (SUSE-SU-2022:3321-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3321-1 advisory. - A path traversal vulnerability in KubeVirt versions up to 0.56 and 0.55.1 on all platforms allows a user able to configure the...

CVSS 9.3 | AI score 7.6 | EPSS 0.02737
Exploits: 2 | References: 12

Veracode
added 2022/09/16 6:34 a.m. | 31 views

Information Disclosure

github.com/containers/podman is vulnerable to Information Disclosure. The vulnerability exists in multiple functions due to improper handling of the supplementary groups in the Podman container engine which allows an attacker to gain access to containers and execute arbitrary code...

CVSS 7.1 | AI score 7.3 | EPSS 0.00307
Exploits: 1 | References: 11 | Affected Software: 3

RedHat Linux
added 2022/09/14 12:46 p.m. | 62 views

Important: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview

Red Hat OpenStack Platform 16.2 Train director operator containers, with several Important security fixes, are available for technology preview. Release osp-director-operator images Security Fixes: CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read important CVE-2021-41103...

CVSS 7.8 | AI score 6.4 | EPSS 0.01615
Exploits: 0 | References: 3

Rockylinux
added 2022/09/13 7:36 a.m. | 17 views

container-tools:4.0 bug fix update

An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...

AI score 0.9
Exploits: 0

RedHat Linux
added 2022/09/13 12:58 a.m. | 43 views

Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update

The Migration Toolkit for Containers MTC 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 6.7 | EPSS 0.2241
Exploits: 8 | References: 9

OSV
added 2022/09/09 6:15 p.m. | 1 views

DEBIAN-CVE-2022-36109

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...

CVSS 6.3 | AI score 6.4 | EPSS 0.00807
Exploits: 0 | References: 1

OSV
added 2022/09/09 6:15 p.m. | 2 views

UBUNTU-CVE-2022-36109

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...

CVSS 6.3 | AI score 6.7 | EPSS 0.00807
Exploits: 0 | References: 5

Prion
added 2022/09/08 1:15 p.m. | 17 views

Design/Logic Flaw

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...

CVSS 5.8 | AI score 8.3 | EPSS 0.00342
Exploits: 0 | References: 1 | Affected Software: 2

ATTACKERKB
added 2022/09/07 11:0 p.m. | 4 views

CVE-2022-20696

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...

CVSS 8.8 | AI score 7.4 | EPSS 0.00342
Exploits: 0 | References: 2

BDU FSTEC
added 2022/09/05 12:0 a.m. | 5 views

The vulnerability of Eclipse Jetty servlet containers, related to errors in information processing, allows attackers to gain unauthorized access to protected information.

The vulnerability of Eclipse Jetty servlet containers is related to errors in information processing. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 5.3 | AI score 6.6 | EPSS 0.82371
Exploits: 7 | References: 28 | Affected Software: 11

BDU FSTEC
added 2022/09/05 12:0 a.m. | 4 views

The vulnerability of Eclipse Jetty servlet containers, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of Eclipse Jetty servlet containers is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

CVSS 7.8 | AI score 6.8 | EPSS 0.53861
Exploits: 1 | References: 111 | Affected Software: 11

Debian
added 2022/09/02 5:9 a.m. | 29 views

[SECURITY] [DLA 3092-1] dpdk security update

Debian LTS Advisory DLA-3092-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 02, 2022 https://wiki.debian.org/LTS Package : dpdk Version : 18.11.11-1deb10u2 CVE ID : CVE-2022-2132 A buffer overflow was discovered in the vhost code of DPDK, a set of...

CVSS 8.6 | AI score 7.7 | EPSS 0.01708
Exploits: 1

ATTACKERKB
added 2022/09/01 9:15 p.m. | 5 views

CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

CVSS 4.9 | AI score 6.2 | EPSS 0.00981
Exploits: 0 | References: 9

RedHat Linux
added 2022/08/31 6:49 p.m. | 42 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.2 Containers security update

Red Hat OpenShift Service Mesh 2.2.2 Containers Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5 | AI score 6.7 | EPSS 0.01875
Exploits: 3 | References: 16

OSV
added 2022/08/22 6:7 p.m. | 28 views

GO-2022-0558 Privilege escalation in github.com/containers/psgo

The psgo package executes the 'nsenter' binary, potentially allowing privilege escalation when used in environments where nsenter is provided by an untrusted source...

CVSS 8.8 | AI score 8.9 | EPSS 0.04238
Exploits: 2 | References: 2

OSV
added 2022/08/22 1:36 p.m. | 6 views

SUSE-SU-2022:2866-2 Security update for systemd-presets-common-SUSE

This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products bsc1199524. The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SU...

CVSS 6.5 | AI score 6.9 | EPSS 0.01148
Exploits: 0 | References: 4

OSV
added 2022/08/22 1:36 p.m. | 7 views

SUSE-SU-2022:2866-1 Security update for systemd-presets-common-SUSE

This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products bsc1199524. The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SU...

CVSS 6.5 | AI score 6.9 | EPSS 0.01148
Exploits: 0 | References: 4

OpenVAS
added 2022/08/19 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2022:2839-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 10 | EPSS 0.05994
Exploits: 2 | References: 2

RedHat Linux
added 2022/08/10 10:13 a.m. | 1 views

ignition: configs are accessible from unprivileged containers in VMs running on VMware products

A vulnerability was found in Ignition, where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets...

CVSS 6.5 | AI score 5.7 | EPSS 0.01148
Exploits: 0 | References: 4