119 matches found
CVE-2023-30549 Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterpri...
CVE-2023-30549
Removed by vendor...
AZL-25574 CVE-2023-27561 affecting package moby-runc for versions less than 1.1.5-1
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...
SUSE CVE-2013-6456
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in th...
SUSE CVE-2016-8649
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat family of syscalls...
OESA-2023-1077 lxc security update
Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be created using the Control Group and Namespace features included in the Linux kernel. Security Fixes: lxc-user-nic in lxc through 5.0.1 is...
LXC Security Vulnerability
LXC is a heavily tested low-level Linux container runtime from the LXC open source. A security vulnerability exists in versions of LXC prior to 5.0.1 that stems from allowing a local user to infer whether a file exists...
PT-2023-9226 · Lxc +2
Name of the Vulnerable Software and Affected Versions: LXC affected versions not specified Description: The issue is related to a component of the LXC virtualization system, specifically lxc-user-nic, and involves information disclosure due to inconsistency. Exploitation of this issue could allow...
CVE-2022-39395
CVE-2022-39395 : Vela’s default configuration allows container breakout in Vela Server/Worker (pre-0.16.0) and Vela UI (pre-0.17.0). Upgrading to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 is required to fix the issue; after patching, admins must explicitly adjust defaults to their desired confi...
openSUSE: Security Advisory for buildah (SUSE-SU-2022:2680-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:2680-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2022-27651: Fixed incorrect default inheritable capabilities for linux container (bsc#1197870). Update to version 1.25.1. The following non-security bugs were fixed: - add workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1183043...
Default inheritable capabilities for linux container should be empty
Impact: A bug was found in runc where `runc exec --cap` executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bu...
GHSA-F3FP-GC8G-VW66 Default inheritable capabilities for linux container should be empty
Impact: A bug was found in runc where `runc exec --cap` executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bu...
openSUSE: Security Advisory for buildah (SUSE-SU-2022:1437-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: Red Hat Security Advisory: container-tools:3.0 security and bug fix update
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
RLSA-2022:1793 Moderate: container-tools:3.0 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650). For more details about the security issues, including the impact, a CVSS scor...
Moderate: container-tools:3.0 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650). For more details about the security issues, including the impact, a CVSS scor...
RHEL 8 : OpenShift Container Platform 4.10.12 (RHSA-2022:1600)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1600 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Moderate: Red Hat Security Advisory: container-tools:2.0 security update
An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...