Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2024-8418 Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

(RHSA-2024:6274) Moderate: Red Hat OpenShift distributed tracing 3.3.0 operator/operand containers

Release of Red Hat OpenShift distributed tracing provides these changes:...

ALSA-2024:6356 Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Moderate: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

GHSA-JFVP-7X6P-H2PV runc can be confused to create empty files/directories on the host

Impact runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files,...

runc can be confused to create empty files/directories on the host

Impact runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files,...

AZL-48581 CVE-2024-45310 affecting package kubernetes 1.28.4-25

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVE-2024-45310

CVE-2024-45310 affects runc 1.1.13 and earlier and 1.2.0-rc2 and earlier, where sharing a volume between two containers can trigger a race with os.MkdirAll to create empty files or directories in arbitrary host paths. An attacker must be able to start containers with a custom volume configuration...

CVE-2024-45310 runc can be confused to create empty files/directories on the host

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVE-2024-45310 runc can be confused to create empty files/directories on the host

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update

Red Hat OpenShift Service Mesh Containers for 2.6.1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.10 security update

Red Hat OpenShift Service Mesh Containers for 2.4.10 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

ALSA-2024:6186 Moderate: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

Oracle Linux 9 : skopeo (ELSA-2024-6195)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6195 advisory. 2:1.14.5-1 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 https://github.com/containers/skopeo/commit/072072b -...