Lucene search

2120 matches found

Rockylinux
added 2021/06/08 11:20 a.m., 40 views

container-tools:2.0 security update

An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, python-podman-api, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 8.5, AI score 8.6, EPSS 0.01473
Exploits 0

AlmaLinux
added 2021/06/08 11:20 a.m., 33 views

Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: vulnerable to symlink exchange attack (CVE-2021-30465). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

CVSS 8.5, AI score 8.7, EPSS 0.01473
Exploits 0, References 2

OSV
added 2021/06/08 11:20 a.m., 16 views

ALSA-2021:2291 Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: vulnerable to symlink exchange attack (CVE-2021-30465). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

CVSS 8.5, AI score 8.1, EPSS 0.01473
Exploits 0, References 2

OSV
added 2021/06/08 11:20 a.m., 16 views

RLSA-2021:2291 Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: vulnerable to symlink exchange attack (CVE-2021-30465). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

CVSS 7.5, AI score 8.1, EPSS 0.01473
Exploits 0, References 2

Tenable Nessus
added 2021/06/08 12:0 a.m., 28 views

RHEL 8 : container-tools:2.0 (RHSA-2021:2292)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2292 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: vulnerable to...

CVSS 8.5, AI score 7.5, EPSS 0.01473
Exploits 0, References 5

Tenable Nessus
added 2021/06/04 12:0 a.m., 41 views

Photon OS 4.0: Runc PHSA-2021-4.0-0035

An update of the runc package has been released. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0035. The text itself is copyright (C) VMware, Inc. include'deprecatednasllevel.inc...

CVSS 8.5, AI score 7.9, EPSS 0.01473
Exploits 0, References 2

IBM Security Bulletins
added 2021/06/03 2:45 p.m., 30 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2021-30465)

Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd that could allow certain container configuration requests to actually result in the host filesystem being bind-mounted into the container, allowing for a container escape (CVE-2021-30465). Vulnerability...

CVSS 8.5, EPSS 0.01473
Exploits 0, Affected Software 1

OpenVAS
added 2021/06/03 12:0 a.m., 24 views

Fedora: Security Advisory for runc (FEDORA-2021-0440f235a0)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.5, AI score 8.6, EPSS 0.01473
Exploits 0, References 2

OpenVAS
added 2021/06/03 12:0 a.m., 17 views

Fedora: Security Advisory for runc (FEDORA-2021-2eb67ba3c2)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.5, AI score 8.6, EPSS 0.01473
Exploits 0, References 2

Photon
added 2021/06/02 12:0 a.m., 59 views

Critical Photon OS Security Update - PHSA-2021-4.0-0035

Updates of 'libxml2', 'runc', 'gnutls' packages of Photon OS have been released...

CVSS 9.8, AI score 6.8, EPSS 0.00844
Exploits 0

Photon
added 2021/06/02 12:0 a.m., 47 views

Critical Photon OS Security Update - PHSA-2021-0035

Updates of 'runc', 'gnutls', 'libxml2' packages of Photon OS have been released...

CVSS 7.5, AI score 1.6, EPSS 0.01473
Exploits 1

RedHat Linux
added 2021/05/31 7:57 a.m., 49 views

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.5, AI score 6.8, EPSS 0.01473
Exploits 0, References 3

RedHat Linux
added 2021/05/31 7:57 a.m., 2 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

CVSS 8.5, AI score 6.9, EPSS 0.01473
Exploits 0, References 6

RedHat Linux
added 2021/05/31 7:51 a.m., 1 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

CVSS 8.5, AI score 6.9, EPSS 0.01473
Exploits 0, References 6

RedHat Linux
added 2021/05/31 7:51 a.m., 141 views

Important: Red Hat Security Advisory: docker security update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 8.5, AI score 6.8, EPSS 0.01473
Exploits 0, References 3

Fedora
added 2021/05/29 1:6 a.m., 105 views

[SECURITY] Fedora 34 Update: runc-1.0.0-378.rc95.fc34

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

CVSS 6, AI score 4, EPSS 0.01473
Exploits 0

Fedora
added 2021/05/28 1:11 a.m., 54 views

[SECURITY] Fedora 33 Update: runc-1.0.0-378.rc95.fc33

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

CVSS 6, AI score 4, EPSS 0.01473
Exploits 0

OSV
added 2021/05/27 6:41 p.m., 33 views

GHSA-FH74-HM69-RQJW opencontainers runc contains procfs race condition with a shared volume mount

Impact: By crafting a malicious root filesystem with /proc being a symlink to a directory which was inside a volume shared with another running container, an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly maski...

CVSS 5.9, AI score 7.1, EPSS 0.00191
Exploits 0, References 20

Github Security Blog
added 2021/05/27 6:41 p.m., 118 views

opencontainers runc contains procfs race condition with a shared volume mount

Impact: By crafting a malicious root filesystem with /proc being a symlink to a directory which was inside a volume shared with another running container, an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly maski...

CVSS 7, AI score 6.8, EPSS 0.00191
Exploits 0, References 21, Affected Software 1

OSV
added 2021/05/27 1:15 p.m., 33 views

CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

CVSS 8.5, AI score 8.2
Exploits 0, References 10