Beauty Out of Chaos: Elevating Cybersecurity to an Art Form – Part 1

How many of you can remember what it was like managing IT security 10 years ago? How about two decades? The truth is that the landscape was so utterly different back then that any comparisons with today are a little unfair. Yet they’re useful in one key regard: to teach us just how complex and...

Kernel update: New kernel 2.6.32-042stab136.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab136.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 based on the RHEL 6.10 kernel 2.6.32-754.11.1.el6. The new kernel introduces stability fixes. Vulnerability id: PSBM-90794 Under certain circumstances, pcompact could crash the...

The vulnerability of the runc command, a tool for starting isolated containers, is related to errors in processing file descriptors. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the runc command, used to execute isolated containers, is related to errors in processing file descriptors. Exploiting this vulnerability allows an attacker to execute arbitrary code...

[SECURITY] Fedora 29 Update: docker-latest-1.13.1-42.git1185cfd.fc29

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

[SECURITY] Fedora 29 Update: moby-engine-18.06.0-2.ce.git0ffa825.fc29

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This me ans they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

MGASA-2019-0087 Updated lxc packages fix security vulnerability

LXC allows attackers to overwrite the host LXC binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker...

Updated lxc packages fix security vulnerability

LXC allows attackers to overwrite the host LXC binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker...

[SECURITY] Fedora 29 Update: runc-1.0.0-68.dev.git6635b4f.fc29

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

Kernel update: Virtuozzo ReadyKernel patch 72.1 for all supported Virtuozzo kernels and that of Virtuozzo Infrastructure Platform 2.5

The cumulative Virtuozzo ReadyKernel patch was updated with a stability fix. The patch applies to all supported Virtuozzo kernels and that of Virtuozzo Infrastructure Platform 2.5. Vulnerability id: PSBM-91689 It was discovered that the previous ReadyKernel patch v72.0 does not allow Docker 18.09...

RunC Container Breakout Vulnerability

Despite the huge advantages that containers offer in application portability, acceleration of CI/CD pipelines and agility of deployment environments, the biggest concern has always been about isolation. Since all the containers running on a host share the same underlying kernel, any malicious cod...

CVE-2019-7312

Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows ANSSI qualification submission before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac...

[SECURITY] Fedora 29 Update: runc-1.0.0-67.dev.git12f6a99.fc29

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

CVE-2019-1647 Cisco SD-WAN Solution Unauthorized Access Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...

CVE-2019-1647 Cisco SD-WAN Solution Unauthorized Access Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...

Cisco SD-WAN Solution Unauthorized Access Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...

Privilege Escalation

github.com/projectatomic/libpod is vulnerable to privilege escalation attack. The vulnerability exists because it does not limit the capabilities of containers executed by non-root users in the default setting, resulting in the container running with higher privileges than required...

Hack Allows Escape of Play-with-Docker Containers

Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the...

SUSE SLES15 Security Update : helm-mirror (SUSE-SU-2019:0048-1)

This update for helm-mirror to version 0.2.1 fixes the following issues : Security issues fixed : CVE-2018-16873: Fixed a remote command execution bsc1118897 CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces in import path bsc1118898 CVE-2018-16875: Fixed a CPU denial of...

The Docker Bench For Security - A Script That Checks For Dozens Of Common Best-Practices Around Deploying Docker Containers In Production

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding...

[SECURITY] Fedora 28 Update: singularity-2.6.1-1.1.fc28

Singularity provides functionality to make portable containers that can be used across host environments...