Oracle Linux 9 : runc (ELSA-2023-6380)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6380 advisory. - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - runc 1.1.5 resolves CVE-2023-25809 and CVE-2023-27561 Tenable has extracte...

runc: volume mount race condition (regression of CVE-2019-19921)

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...

runc: Rootless runc makes `/sys/fs/cgroup` writable

A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service...

Moderate: Red Hat Security Advisory: container-tools:rhel8 security and bug fix update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration

A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections...

runc: Rootless runc makes `/sys/fs/cgroup` writable

A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service...

runc: volume mount race condition (regression of CVE-2019-19921)

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...

Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration

A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections...

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: insufficient sanitization of Host header CVE-2023-29406 For more details about the security issues, including the impact, a CVSS score,...

ALSA-2023:6938 Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

Moderate: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

ALSA-2023:6939 Moderate: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...

runc security update

4:1.1.9-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.9 - Related: 2176063 4:1.1.8-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.8 - Related: 2176063 4:1.1.7-2 - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - Resolves:...

NewStart CGSL MAIN 6.06 : containerd.io Multiple Vulnerabilities (NS-SA-2023-0139)

The remote NewStart CGSL host, running version MAIN 6.06, has containerd.io packages installed that are affected by multiple vulnerabilities: - runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes...

NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2023-0142)

The remote NewStart CGSL host, running version MAIN 6.06, has neod packages installed that are affected by multiple vulnerabilities: - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectl...

runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration

An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array...

Moderate: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

runc: Rootless runc makes `/sys/fs/cgroup` writable

A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service...