container-tools:rhel8 security, bug fix, and enhancement update

An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, conmon, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a...

ALSA-2022:7469 Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 runc: incorrect handlin...

ALSA-2022:7529 Moderate: container-tools:3.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 golang...

ALSA-2022:7822 Low: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible information disclosure and modification CVE-2022-2990 For more details about t...

RHEL 8 : container-tools:rhel8 (RHSA-2022:7457)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7457 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang:...

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 runc: incorrect handlin...

Low: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible information disclosure and modification CVE-2022-2990 For more details about t...

RHEL 8 : container-tools:4.0 (RHSA-2022:7469)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7469 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: cri-o:...

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-2707)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to versi...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2707)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

container-tools:rhel8 bug fix and enhancement update

An update is available for fuse-overlayfs, container-selinux, udica, containers-common, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, python-podman, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from containerd, gnupg2, runc and IBM WebSphere Application Server Liberty

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.6-x packages containerd, gnupg2, runc and IBM WebSphere Application Server Liberty that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-23648 DESCRIPTION...

Important Photon OS Security Update - PHSA-2022-0266

Updates of 'kafka', 'runc' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2022-0529

Updates of 'runc' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2022-4.0-0266

Updates of 'runc', 'kafka' packages of Photon OS have been released...

Amazon Linux 2 : runc (ALASDOCKER-2022-020)

The version of runc installed on the remote host is prior to 1.1.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2022-020 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4...

Important: runc

Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...

Exploit for OS Command Injection in Docker

This is a PoC Proof of Concept exploit for CVE-2019-5736, a vulnerability in the runc binary of the Docker container runtime. The exploit is implemented in Go and is designed to overwrite the runc binary on the host system from within a container. The exploit works by overwriting the /bin/sh bina...

SUSE SLES15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (SUSE-SU-2022:3333-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3333-1 advisory. - A path traversal vulnerability in KubeVirt versions up to 0.56 and 0.55.1 on all platforms allows a user able to configure the...

SUSE SLES15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (SUSE-SU-2022:3321-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3321-1 advisory. - A path traversal vulnerability in KubeVirt versions up to 0.56 and 0.55.1 on all platforms allows a user able to configure the...