Rapid7 Announces Kubernetes Integration General Availability in InsightVM
Rapid7 is excited to announce the general availability of our Kubernetes integration in InsightVM, our vulnerability management tool. This represents a step forward in Rapid7’s ability to provide vulnerability and remediation management capabilities for container environments. Kubernetes is the mo...
Fedora: Security Advisory for singularity (FEDORA-2021-601ee898f7)
The remote host is missing an update for the...
Fedora: Security Advisory for singularity (FEDORA-2021-2e174e8a96)
The remote host is missing an update for the...
[SECURITY] Fedora 32 Update: singularity-3.7.3-1.fc32
Singularity provides functionality to make portable containers that can be used across host environments...
[SECURITY] Fedora 33 Update: singularity-3.7.3-1.fc33
Singularity provides functionality to make portable containers that can be used across host environments...
Security Bug Allows Attackers to Brick Kubernetes Clusters
A vulnerability in one of the Go libraries that Kubernetes is based on could lead to denial of service (DoS) for the CRI-O and Podman container engines. The bug (CVE-2021-20291) affects the Go library called “containers/storage.” According to Aviv Sasson, the security researcher at Palo Alto’s Unit 4...
GO-2021-0087 Race condition in github.com/opencontainers/runc
A race while mounting volumes allows a possible symlink-exchange attack, allowing a user who can start multiple containers with custom volume mount configurations to escape the container...
GO-2021-0081 Insufficiently Protected Credentials in github.com/containers/image
The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials...
GHSA-C9G6-9335-X697 Improper Input Validation in SocksJS-Node
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...
Denial Of Service (DoS)
github.com/containers/storage/commit is vulnerable to Denial Of Service (DoS). The decompression functionality allows an attacker to crash the application by pulling in malicious tools that resemble podman or cri-o during container image pulls...
Threat matrix for storage services
The move to cloud is happening faster than ever before and organizations are increasing their dependency on cloud storage services. In fact, Microsoft Azure Storage services are one of the most popular services in the cloud. Companies need effective threat protection and mitigation strategies and...
OESA-2021-1123 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked...
CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...
DEBIAN-CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...
Design/Logic Flaw
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...
UBUNTU-CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...
CVE-2021-20291
CVE-2021-20291 corresponds to a deadlock DoS in github.com/containers/storage when unpacking container image layers. If a layer is not a valid tar archive, the tar unpack stream may hang indefinitely, causing a deadlock and denial of service. The issue affects versions prior to 1.28.1 and has bee...