2120 matches found

RedHat Linux
added 2020/02/04 12:28 p.m. | 90 views

Important: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5 CVSS | 6.9 AI score | 0.00831 EPSS
Exploits 0 | References 16
OSV
added 2020/02/04 11:39 a.m. | 27 views

ALSA-2020:0348 Important: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu CVE-2020-7039 For more details about the security issues, including the impact, a CVSS score,...

7.5 CVSS | 7.2 AI score | 0.00831 EPSS
Exploits 0 | References 3
AlmaLinux
added 2020/02/04 11:39 a.m. | 54 views

Important: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu CVE-2020-7039 For more details about the security issues, including the impact, a CVSS score,...

7.5 CVSS | 6.5 AI score | 0.00831 EPSS
Exploits 0 | References 3
Rockylinux
added 2020/02/04 11:39 a.m. | 37 views

container-tools:rhel8 security, bug fix, and enhancement update

An update is available for containernetworking-plugins, python-podman-api, udica, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The...

7.5 CVSS | 1.1 AI score | 0.00831 EPSS
Exploits 0
RedhatCVE
added 2020/01/29 4:31 p.m. | 39 views

CVE-2019-19921

A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...

7 CVSS | 4.2 AI score | 0.00191 EPSS
Exploits 0 | References 3
OSV
added 2020/01/28 7:52 a.m. | 2 views

MGASA-2020-0050 Updated opencontainers-runc packages fix security vulnerability

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...

7.5 CVSS | 7.5 AI score | 0.0032 EPSS
Exploits 1 | References 3
Mageia
added 2020/01/28 7:52 a.m. | 47 views

Updated opencontainers-runc packages fix security vulnerability

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...

7.5 CVSS | 7.7 AI score | 0.0032 EPSS
Exploits 1 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2019-1061)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 9 AI score | 0.59178 EPSS
Exploits 33 | References 2
Veracode
added 2020/01/16 5:48 a.m. | 41 views

Sandbox Restrictions Bypass

github.com/opencontainers/runc is vulnerable to sandbox restrictions bypass. An attacker who controls the container image for two containers that share a volume will be able to mount arbitrary volumes in a race condition during container initialization via a symlink that is added to the rootfs...

7 CVSS | 3.7 AI score | 0.00191 EPSS
Exploits 0 | References 23 | Affected Software 5
Tenable Nessus
added 2020/01/15 12:0 a.m. | 36 views

openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2020-45)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Security issue fixed : - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory bsc1152308. Bug fixes : - Update to Docker...

7.5 CVSS | 7.1 AI score | 0.0032 EPSS
Exploits 1 | References 7
OpenVAS
added 2020/01/14 12:0 a.m. | 28 views

openSUSE: Security Advisory for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (openSUSE-SU-2020:0045-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.1 AI score | 0.0032 EPSS
Exploits 1 | References 2
OPENSUSE Linux
added 2020/01/13 12:0 a.m. | 93 views

Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (moderate)

openSUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Announcement ID: openSUSE-SU-2020:0045-1 Rating: moderate References: 1122469 1143349 1150397 1152308 1153367 1158590 Cross-References: CVE-2019-16884 Affected Products: openSUSE Leap 15...

7.5 CVSS | 8 AI score | 0.0032 EPSS
Exploits 1 | References 6
RedhatCVE
added 2020/01/11 9:33 a.m. | 35 views

CVE-2019-5736

A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. Mitigation This vulnerability is mitigated on Red Hat...

9.3 CVSS | 2.1 AI score | 0.59178 EPSS
Exploits 33 | References 4
Tenable Nessus
added 2020/01/09 12:0 a.m. | 46 views

SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2020:0035-1)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Security issue fixed : CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory bsc1152308. Bug fixes: Update to Docker 19.03.5-c...

7.5 CVSS | 7.2 AI score | 0.0032 EPSS
Exploits 1 | References 9
OpenVAS
added 2020/01/09 12:0 a.m. | 27 views

openSUSE: Security Advisory for docker-runc (openSUSE-SU-2019:2434-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.1 AI score | 0.0032 EPSS
Exploits 1 | References 2
OpenVAS
added 2020/01/09 12:0 a.m. | 28 views

Fedora Update for runc FEDORA-2019-bd4843561c

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.9 AI score | 0.0032 EPSS
Exploits 1 | References 2
OpenVAS
added 2020/01/09 12:0 a.m. | 21 views

openSUSE: Security Advisory for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (openSUSE-SU-2019:1444-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS | 8.7 AI score | 0.59178 EPSS
Exploits 33 | References 2
Tenable Nessus
added 2020/01/06 12:0 a.m. | 78 views

Oracle Linux 8 : container-tools:ol8 (ELSA-2019-4269)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4269 advisory. - Fix CVE-2019-10214 1734653. - rebuild to address CVE-2019-9514 and CVE-2019-9512 - backport patches for CVE-2019-16884 from upstream - rebuild becaus...

8.8 CVSS | 7.4 AI score | 0.50822 EPSS
Exploits 5 | References 4
Oracle linux
added 2020/01/03 12:0 a.m. | 192 views

container-tools:ol8 security and bug fix update

buildah 1.9.0-5.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.9.0-5 - Use autosetup macro again. 1.9.0-4 - Fix CVE-2019-10214 1734653. 1.9.0-3 - Resolves: 1721247 - enable fips mode 1.9.0-2 - Resolves: 1720654 - tests subpackage depends on golang explicitly 1.9.0-1 - Resolves...

8.8 CVSS | 0.9 AI score | 0.50822 EPSS
Exploits 5
IBM Security Bulletins
added 2019/12/20 1:53 p.m. | 59 views

Security Bulletin: Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-5736 DESCRIPTION: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root...

9.8 CVSS | 0.9 AI score | 0.91212 EPSS
Exploits 44 | Affected Software 1