2670 matches found
CVE-2020-1726
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first...
Eclipse Che Unauthorized Access Vulnerability
Eclipse Che is the Eclipse Foundation's set of Java-based open source online integrated development environment (IDE). A security vulnerability exists in Eclipse Che 7.8.x and earlier versions that stems from the program not properly restricting access to workspace container groups. An attacker cou...
Information Disclosure
containers/image is vulnerable to information disclosure. The vulnerability exists because it reads the entire image manifest into memory...
Fedora: Security Advisory for bubblewrap (FEDORA-2020-8bef0cd310)
The remote host is missing an update for the...
[SECURITY] Fedora 32 Update: bubblewrap-0.4.1-1.fc32
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...
Moderate: Red Hat Security Advisory: podman security, bug fix, and enhancement update
An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Moderate: Red Hat Security Advisory: docker security and bug fix update
An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 7 : docker (RHSA-2020:1234)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that...
Product update: Virtuozzo 7.0 Update 13 (7.0.13-298)
The Update 13 for Virtuozzo 7.0 introduces new features and provides stability and usability bug fixes. It also introduces a new kernel 3.10.0-1062.12.1.vz7.131.10. Vulnerability id: PSBM-95072 'pstorage-target' files are left over after successful migrations of VMs on Virtuozzo Storage from...
Product update: Virtuozzo Automator 7.0 Update 2 Hotfix 9 (VA MN: 7.0.2-645, VA Agent: 7.0.2-364)
Hotfix 9 for Virtuozzo Automator 7.0.2 provides stability and usability fixes. Vulnerability id: PVA-35779 Virtuozzo Automator warns about low disk space on SSDs with storage cache and journals. Vulnerability id: PVA-37393 VA agent can fully load MDS on nodes with lots of containers on Virtuozzo...
Security update for skopeo (moderate)
openSUSE Security Update: Security update for skopeo Announcement ID: openSUSE-SU-2020:0377-1 Rating: moderate References: 1159530 1165715 Cross-References: CVE-2019-10214 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available. Descriptio...
SUSE SLES15 Security Update : skopeo (SUSE-SU-2020:0712-1)
This update for skopeo fixes the following issues : Update to skopeo v0.1.41 bsc1165715 : Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 Bump github.com/containers/common from 0.0.7 to 0.1.4 Remove the reference to openshift/api vendor...
CVE-2019-11939
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects...
UBUNTU-CVE-2019-11939
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects...
Important: Red Hat Security Advisory: slirp4netns security update
An update for slirp4netns is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
$100K Paid Out for Google Cloud Shell Root Compromise
Google has awarded its inaugural annual top prize for the Google Cloud Platform (GCP), for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...
CVE-2019-11255
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner v0.4.3, v1.0.2, v1.1, v1.2.2, v1.3.1, external-snapshotter v0.4.2, v1.0.2, v1.1, 1.2.2, and external-resizer v0.1, v0.2 could result in unauthorized PersistentVolume data access or volume mutation during...
March 10, 2020—KB4538461 (OS Build 17763.1098)
March 10, 2020—KB4538461 OS Build 17763.1098 Note This release also contains updates for Microsoft HoloLens OS Build 17763.1098 released March 10, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not...
Denial Of Service (DoS)
github.com/containers/image is vulnerable to denial of service (DoS). The vulnerability exists because it does not restrict the sizes of blobs copied into memory, such as the manifest, the config, signatures, etc., allowing an attacker to hijack registries leading to big blobs and triggering an out...