[SECURITY] Fedora 38 Update: golang-github-opencontainers-runc-1.1.8-2.fc38
Runc is a CLI tool for spawning and running containers according to the OCI specification...
[SECURITY] Fedora 37 Update: golang-github-opencontainers-runc-1.1.8-2.fc37
Runc is a CLI tool for spawning and running containers according to the OCI specification...
Fedora 37 : golang-github-opencontainers-runc (2023-9edf2145fb)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9edf2145fb advisory. Add commit c0be1aa2d101dcd3074b5a0e486d58d3f9568d81 as a patch for github.com/containers/common ---- Security fix for CVE-2023-27561 Update to 1.1.8...
Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2023-9edf2145fb)
The remote host is missing an update for the...
Fedora 38 : golang-github-opencontainers-runc (2023-6e6d9065e0)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6e6d9065e0 advisory. Add commit c0be1aa2d101dcd3074b5a0e486d58d3f9568d81 as a patch for github.com/containers/common ---- Security fix for CVE-2023-27561 Update to 1.1.8...
Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2023-025)
The version of runc installed on the remote host is prior to 1.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-025 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...
Advisory ROSA-SA-2023-2209
software: runc 1.1.7 OS: ROSA-CHROME packageevrstring: runc-1.1.1.7-1.src.rpm CVE-ID: CVE-2021-43784 BDU-ID: 2023-02652 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Runc isolated container tool is related to integer overflow. Exploitation of the vulnerability allows an attacker acting...
EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2023-2581)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2023-2611)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2023-2611)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2023-2581)
The remote host is missing an update for the Huawei EulerOS...
Important: runc
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Important: runc
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Oracle Linux 8 : buildah (ELSA-2023-12578)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12578 advisory. - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to...
The vulnerability of the Runc command-line tool for running isolated containers, related to improper storage of permissions, allows a malicious actor to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Runc container launch tool is related to improper storage of permissions. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
Oracle Linux 8 : aardvark-dns (ELSA-2023-12579)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12579 advisory. - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to...
The vulnerability in the `libcontainer/rootfs_linux.go` component of the Runc tool for running isolated containers allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the libcontainer/rootfs_linux.go component, a tool for running isolated containers in Runc, is related to the use of a name with an incorrect reference. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service...
The vulnerability of the Runc command-line tool for isolated containers arises from incorrect handling of symbolic links before accessing the file. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Runc container launch tool is related to incorrect handling of symbolic links before accessing the file. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
buildah security update
runc 1:1.1.4-1.0.1 - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2023-2378)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploi...