container-tools:rhel8 bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix: kubelet service fails to load EnvironmentFile due to SELinux denial BZ2005053...
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious payload, which is achieved by modifying the /bin/sh file in the container to point to the runc binary on the host. The attacker can th...
Security Bulletin: Container Environment Vulnerabilities Affect IBM Secure Proxy (CVE-2020-14298, CVE-2020-14300)
Summary: There are multiple container environment vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-14298 DESCRIPTION: runc could allow a local attacker to bypass security restrictions, caused by a flaw in the usage of...
MGASA-2021-0412 Updated opencontainers-runc packages fix security vulnerability
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
Updated opencontainers-runc packages fix security vulnerability
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
Critical Photon OS Security Update - PHSA-2021-0424
Updates of 'util-linux' packages of Photon OS have been released...
USN-4867-1: runC vulnerabilities
It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. (CVE-2019-16884) Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious...
container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALBA-2021:3070 container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
container-tools:rhel8 security, bug fix, and enhancement update
An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS)...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2021-2292)
The remote host is missing an update for the Huawei EulerOS...
The vulnerability of the runc tool’s configuration allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability in the configuration of “runc,” the tool for running isolated containers, exists due to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...
runc through 1.0.0-rc8 as used in Docker through 19.03.2-ce and other products allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets and thus a malicious Docker image can mount over a /proc directory.
...
runc through 1.0-rc6 as used in Docker before 18.09.2 and other products allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image or (2) an existing container to which the attacker previously had write access that can be attached with docker exec. This occurs because of file-descriptor mishandling related to /proc/self/exe.
...
openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:1954-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1954-1 advisory. - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root...
libcontainer/user/user.go in runC before 0.1.0 as used in Docker before 1.11.2 improperly treats a numeric UID as a potential username which allows local users to gain privileges via a numeric username in the password file in a container.
...
openSUSE: Security Advisory for containerd, (openSUSE-SU-2021:1954-1)
The remote host is missing an update for the...
OPENSUSE-SU-2021:1954-1 Security update for containerd, docker, runc
This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce bsc1184768, bsc1182947, bsc1181594 Switch version to use -ce suffix rather than ce to avoid confusing other tools bsc1182476. CVE-2021-21284: Fixed a potential privilege escalation when the root...
runC: Container breakout
Background: runC is a CLI tool for spawning and running containers according to the OCI specification. Description: A vulnerability in runC could allow an attacker to achieve privilege escalation if specific mount configuration prerequisites are satisfied. Impact: An attacker may be able to escalati...