Alibaba Cloud Linux 3 : 0184: container-tools:an8 (ALINUX3-SA-2025:0184)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0184 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-31133: runc is a CLI tool for...

podman security update

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

RLSA-2025:21220 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: runc: container escape and denial of service due to arbitrary write gadgets and procfs...

RLSA-2025:20957 Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mou...

RLSA-2025:21702 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: runc: container escape and denial of service due to arbitrary write gadgets and procfs...

runc security update

An update is available for runc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The runC tool is a lightweight, portable implementation of the Open Container...

Security update for runc (important)

openSUSE security update: security update for runc ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20072-1 Rating: important References: bsc1252110 bsc1252232 Cross-References: CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 CVSS scores: CVE-2025-31133...

OPENSUSE-SU-2025:20072-1 Security update for runc

This update for runc fixes the following issues: - Update to runc v1.3.3: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252232...

SUSE-SU-2025:21072-1 Security update for runc

This update for runc fixes the following issues: - Update to runc v1.3.3: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252232...

SUSE-SU-2025:21136-1 Security update for runc

This update for runc fixes the following issues: - Update to runc v1.3.3: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252232...

CLSA-2025-1763648873 runc: Fix of 6 CVEs

upgrade to runc 1.2.8 to fix multiple critical security vulnerabilities: - CVE-2024-21626: fix file descriptor leak vulnerability allowing container escape - CVE-2025-52565: fix container escape with malicious config due to /dev/console mount races - CVE-2025-31133: fix container escape and...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.59 packages and security update

Red Hat OpenShift Container Platform release 4.14.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

TencentOS Server 3: container-tools:rhel8 (TSSA-2024:0103)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0103 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: container-tools:4.0 (TSSA-2024:0104)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0104 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: container-tools:rhel8 (TSSA-2022:0110)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0110 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2025:21232)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21232 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/conso...

AlmaLinux 9 : runc (ALSA-2025:20957)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:20957 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/conso...