RunC Flaws Enable Container Escapes, Granting Attackers Host Access

Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have...

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

runc 安全漏洞

runc is a CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions prior to 1.1.12, which stems from an internal leak in fds that causes multiple containers to leak...

containerd: Multiple Vulnerabilities

Background containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : runC vulnerability (USN-6619-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6619-1 advisory. Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could...

Important: runc

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Important: runc

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Moderate: Red Hat Security Advisory: container-tools:3.0 security update

An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has...

RHEL 8 : container-tools:3.0 (RHSA-2024:0564)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0564 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...

EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2023-2680)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this...

EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2023-2638)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this...

container-tools:4.0 security update

buildah 1:1.24.6-7 - rebuild for CVE-2023-29406 - Related: 2176055 cockpit-podman 46-1 - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46 - Related: 2061390 conmon 2:2.1.4-2 - update to https://github.com/containers/conmon/releases/tag/v2.1.4 - Related: 2176055...

Moderate: Red Hat Security Advisory: container-tools:4.0 security update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

ALSA-2024:0121 Moderate: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...

Moderate: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...

Oracle Linux 9 : runc (ELSA-2023-7763)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7763 advisory. - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 Tenable has extracted the preceding description block directly from the Oracle Linux...

AlmaLinux 9 : runc (ALSA-2023:7763)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7763 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...

runc security update

4:1.1.9-2 - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Resolves: 2228743 - Resolves: 2237777 - Resolves: 2237778...

SUSE: Security Advisory (SUSE-SU-2023:4727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...