Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.53 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.29 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.29 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

Ubuntu: Security Advisory (USN-7851-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2025:4073-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

AlmaLinux 10 : podman (ALSA-2025:21220)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:21220 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...

RHEL 10 : buildah (RHSA-2025:22012)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22012 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

SUSE SLES15 Security Update : runc (SUSE-SU-2025:4073-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4073-2 advisory. Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to run...

runc security update

4:1.3.0-4 - rename errors.go to errorslinux.go - Related: RHEL-122400 4:1.3.0-3 - Add relevant patches to CVEs - Resolves: RHEL-122400 4:1.3.0-2 - fix CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 - Resolves: RHEL-122400 - Resolves: RHEL-122403 - Resolves: RHEL-122414...

AlmaLinux 9 : buildah (ALSA-2025:22011)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22011 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 golang: archive/tar: Unbounded...

ROS-20251125-13

A vulnerability in the maskedPaths feature of the isolated container runc tool is related to the runc state that allows link tracking. Exploitation of the vulnerability could allow an attacker to Affect the confidentiality, integrity and availability of protected information...

USN-7851-2: runC regression

USN-7851-1 fixed vulnerabilities in runC. The introduction of a new upstream release has caused regressions in runc-app and runc-stable. This update fixes the problem. Original advisory details: Lei Wang and Li Fubang discovered that runC incorrectly handled masked paths. An attacker could possib...

USN-7851-2 runc-app, runc-stable regression

USN-7851-1 fixed vulnerabilities in runC. The introduction of a new upstream release has caused regressions in runc-app and runc-stable. This update fixes the problem. Original advisory details: Lei Wang and Li Fubang discovered that runC incorrectly handled masked paths. An attacker could possib...

Security update for runc

This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 Includes an important fix for the CPUSet translation for...

SUSE-SU-2025:4073-2 Security update for runc

This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation for...

openSUSE 16 Security Update : runc (openSUSE-SU-2025-20072-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20072-1 advisory. - Update to runc v1.3.3: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing ...

RockyLinux 10 : podman (RLSA-2025:21220)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:21220 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...

RockyLinux 9 : runc (RLSA-2025:20957)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20957 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to...