2670 matches found
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.30.1.el6. The new kernel introduces security and stability fixes. Vulnerability id: CVE-2018-3639 An...
CVE-2018-1000400
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via...
Tools update: Virtuozzo 6.0 Update 12 Hotfix 24 (6.0.12-3704)
This update provides new packages with a stability fix for Virtuozzo 6.0. Vulnerability id: PSBM-84570 After upgrading guest OS to CentOS 7.5, ploop-based containers with enabled second-level quotas could fail to start due to the failure of the 'quotacheck' binary from the updated 'quota' package...
CVE-2018-0268
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container...
Important kernel security update: CVE-2017-5754 and other; new kernel 2.6.32-042stab129.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 kernel 2.6.32-042stab129.1 that is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.28.1.el6. The new kernel inherits a number of security fixes from RHEL and also introduces internal security an...
Microsoft Issues Emergency Patch For Critical Flaw In Windows Containers
Just a few days prior to its monthly patch release, Microsoft released an emergency patch for a critical vulnerability in the Windows Host Compute Service Shim (hcsshim) library that could allow remote attackers to run malicious code on Windows computers. Windows Host Compute Service Shim (hcsshim) i...
[SECURITY] [DLA 1368-1] libvorbis security update
Package : libvorbis Version : 1.3.2-1.3+deb7u1 CVE ID : CVE-2017-11333 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 Serious vulnerabilities were found in the libvorbis library, commonly used to encode and decode audio in OGG containers. 2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds arra...
The vulnerability of the Apport software for generating and sending error reports on the Ubuntu operating system allows a perpetrator to trigger a service failure, exit from LXC, or gain root privileges.
The vulnerability of the Apport software for generating and sending error reports on the Ubuntu operating system is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a hacker to cause service failures, trigger exits from LXC (Linux Containers), or gain root...
The vulnerability of the vSphere Integrated Containers software platform and the vRealize Automation automation tool lies in the ability to execute arbitrary code due to a memory corruption issue. This vulnerability allows an attacker to execute arbitrary code.
The vulnerability of the vSphere Integrated Containers software platform and the vRealize Automation automation tool exists due to the restoration of a questionable data structure in memory. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by sending...
Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 kernel 2.6.32-042stab128.2 that is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.23.1.el6. This kernel was recompiled by the updated gcc with retpolines support. Retpolines are a technique use...
CVE-2018-1197
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials...
Design/Logic Flaw
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials...
CVE-2014-3626
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...
Directory traversal
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...
CVE-2014-3626
The CVE-2014-3626 vulnerability affects the Grails Resource Plugin (pre-1.2.13). A directory-traversal protection bug caused the plugin to return the decoded URI after the traversal check instead of the normalized URI, enabling a double-decoding issue. The fixed behavior repeatedly decodes the UR...
CVE-2018-1199
CVE-2018-1199 affects Spring Security (4.1.x before 4.1.5, 4.2.x before 4.2.4, 5.0.x before 5.0.1) and Spring Framework (4.3.x before 4.3.14, 5.0.x before 5.0.3). The issue is that URL path parameters are not consistently handled when evaluating security constraints, allowing an attacker to bypas...
Product update: Virtuozzo 7.0 Update 7 (7.0.7-423)
The Update 7 for Virtuozzo 7.0 provides new features as well as stability and usability bug fixes. Vulnerability id: PSBM-79872 Enabling nested virtualization for VM could fail due to a bug in libvirt. Vulnerability id: PSBM-81107 Setting IP address to a VM without guest tools returned error even...
Directory Traversal
github.com/kubernetes/kubernetes is vulnerable to directory traversal attacks. Containers using subpath volume mounts can access files and directories outside of the volume, including other files on the host's system...
Design/Logic Flaw
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...
CVE-2017-1002102
CVE-2017-1002102 affects Kubernetes runtimes prior to certain patch levels where containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories on the node. The initial doc states this impact for Kubernetes versions 1.3.x–1.6.x and before...