2120 matches found

Tenable Nessus
added 2021/05/21 12:0 a.m., 51 views

Photon OS 3.0: Runc PHSA-2021-3.0-0239

An update of the runc package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0239. The text itself is copyright (C) VMware, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...

CVSS 8.5, AI score 7.9, EPSS 0.01473
Exploits 0, References 2

Veracode
added 2021/05/20 6:14 a.m., 31 views

Symlink Attack

github.com/opencontainers/runc is vulnerable to symlink attack. An attacker, with the ability to start containers using some kind of custom volume configuration, can request a seemingly-innocuous container configuration that results in the host file system being bind-mounted into the container,...

CVSS 8.5, AI score 3, EPSS 0.01473
Exploits 0, References 13, Affected Software 9

OpenVAS
added 2021/05/20 12:0 a.m., 22 views

Ubuntu: Security Advisory (USN-4960-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.5, AI score 8.6, EPSS 0.01473
Exploits 0, References 2

Ubuntu
added 2021/05/19 10:41 a.m., 118 views

USN-4960-1: runC vulnerability

Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges...

CVSS 8.5, AI score 7.5, EPSS 0.01473
Exploits 0

OSV
added 2021/05/19 10:41 a.m., 2 views

USN-4960-1 runc vulnerability

Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges...

CVSS 8.5, AI score 6.9, EPSS 0.01473
Exploits 0, References 2

RedhatCVE
added 2021/05/19 10:37 a.m., 72 views

CVE-2021-30465

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

CVSS 8.5, AI score 1.7, EPSS 0.01473
Exploits 0, References 4

UbuntuCve
added 2021/05/19 10:0 a.m., 38 views

CVE-2021-30465

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...

CVSS 8.5, AI score 6.8, EPSS 0.01473
Exploits 0, References 4

CNNVD
added 2021/05/19 12:0 a.m., 2 views

runc race condition vulnerability

runc is a CLI (command-line interface) tool for generating and running containers according to the OCI specification. runc suffers from a race condition vulnerability that can be exploited by an attacker to bind a host filesystem to a container...

CVSS 8.5, AI score 7.4, EPSS 0.01473
Exploits 0, References 36

Photon
added 2021/05/19 12:0 a.m., 38 views

PHSA-2021-1.0-0388

An update of 'runc' packages of Photon OS has been released...

CVSS 6, AI score 0.9, EPSS 0.01473
Exploits 0

Amazon
added 2021/05/19 12:0 a.m., 41 views

Important: runc

Issue Overview: The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentialit...

CVSS 8.5, AI score 7.1, EPSS 0.01473
Exploits 0

Photon
added 2021/05/19 12:0 a.m., 37 views

Critical Photon OS Security Update - PHSA-2021-0239

Updates of 'runc', 'tar', 'python-cryptography' packages of Photon OS have been released...

CVSS 6.4, AI score 1.6, EPSS 0.01575
Exploits 1

Tenable Nessus
added 2021/05/19 12:0 a.m., 32 views

Amazon Linux AMI : runc (ALAS-2021-1499)

The version of runc installed on the remote host is prior to 1.0.0-0.3.20210225.git12644e6.4. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1499 advisory. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuo...

CVSS 8.5, AI score 7.5, EPSS 0.01473
Exploits 0, References 3

Photon
added 2021/05/19 12:0 a.m., 32 views

Critical Photon OS Security Update - PHSA-2021-0347

Updates of 'runc', 'python-cryptography' packages of Photon OS have been released...

CVSS 8.5, AI score 1.6, EPSS 0.01473
Exploits 0

Photon
added 2021/05/19 12:0 a.m., 49 views

Important Photon OS Security Update - PHSA-2021-0388

Updates of 'runc' packages of Photon OS have been released...

CVSS 8.5, AI score 6.8, EPSS 0.01473
Exploits 0

Photon
added 2021/05/19 12:0 a.m., 38 views

Critical Photon OS Security Update - PHSA-2021-3.0-0239

Updates of 'runc', 'python-cryptography', 'tar' packages of Photon OS have been released...

AI score 5.5
Exploits 0

Photon
added 2021/05/19 12:0 a.m., 44 views

PHSA-2021-2.0-0347

An update of 'python-cryptography', 'runc' packages of Photon OS has been released...

CVSS 6.4, AI score 0.9, EPSS 0.01575
Exploits 1

Tenable Nessus
added 2021/05/19 12:0 a.m., 33 views

Ubuntu 18.04 LTS / 20.04 LTS : runC vulnerability (USN-4960-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4960-1 advisory. Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host...

CVSS 8.5, AI score 7.5, EPSS 0.01473
Exploits 0, References 2

RedHat Linux
added 2021/05/18 2:16 p.m., 62 views

Moderate: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5, AI score 6.8, EPSS 0.00134
Exploits 1, References 36

Rockylinux
added 2021/05/18 6:28 a.m., 9 views

new module: container-tools:3.0

An update is available for fuse-overlayfs, container-selinux, udica, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base...

AI score 0.7
Exploits 0

OSV
added 2021/05/18 6:28 a.m., 4 views

ALBA-2021:1951 new module: container-tools:3.0

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. This enhancement update adds the container-tools:3.0 module to AlmaLinux BZ1929575 For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the...

AI score 6.8
Exploits 0, References 1