
2107 matches found

OSV
added 2024/04/29 12:0 a.m. | 25 views

ALSA-2024:2084 Important: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: full container escape at build time CVE-2024-1753 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.6 CVSS | 8.8 AI score | 0.00076 EPSS
Exploits: 0 | References: 4

OSV
added 2024/04/29 12:0 a.m. | 33 views

ALSA-2024:2098 Important: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fixes: containerinitt does not possess ptrace process context almalinux-8.9.0.z JIRA:AlmaLinux-28923 Security Fixes: podman: full container escape at build time CVE-2024-1753...

8.6 CVSS | 8.9 AI score | 0.00076 EPSS
Exploits: 0 | References: 4

Oracle linux
added 2024/04/29 12:0 a.m. | 372 views

container-tools:4.0 security update

buildah 1.24.7-1 - bump to v1.24.7 - Resolves: RHEL-26767 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman python-podman runc 1.1.12-1.0.1 - rebuild with golang 1.20.12 for CVE-2023-39326 skopeo...

8.6 CVSS | 6.9 AI score | 0.00123 EPSS
Exploits: 0

Oracle linux
added 2024/04/29 12:0 a.m. | 378 views

container-tools:ol8 security and bug fix update

aardvark-dns buildah 1:1.31.5-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.31 https://github.com/containers/buildah/commit/5fd539c - Resolves: RHEL-26772 1:1.31.3-3 - Make the module buildable again - Resolves: RHEL-16299 1:1.31.3-2 - Rebuild with golan...

8.6 CVSS | 7.3 AI score | 0.00076 EPSS
Exploits: 0

Github Security Blog
added 2024/04/26 6:30 a.m. | 20 views

Withdrawn: Runc allows an arbitrary systemd property to be injected

Withdrawn Advisory This advisory has been withdrawn because it was incorrectly attributed to runc. Please see the issue here for more information. Original Description A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a po...

7.2 CVSS | 7.1 AI score | 0.00369 EPSS
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2024/04/26 6:30 a.m. | 32 views

GHSA-C5PJ-MQFH-RVC3 Withdrawn: Runc allows an arbitrary systemd property to be injected

Withdrawn Advisory This advisory has been withdrawn because it was incorrectly attributed to runc. Please see the issue here for more information. Original Description A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a po...

7.2 CVSS | 6.9 AI score | 0.00369 EPSS
Exploits: 0 | References: 12

Rosalinux
added 2024/04/11 7:16 a.m. | 36 views

Advisory ROSA-SA-2024-2393

Software: runc 1.0.0 OS: rosa-server79 packageevrstring: runc-1.0.0.0-70.rc10.res7 CVE-ID: CVE-2019-19921 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: runc has improper access control leading to elevated privileges associated with libcontainer/rootfs_linux.go. To exploit this, an attacker must be able t...

8.6 CVSS | 9 AI score | 0.05076 EPSS
Exploits: 18

Redos
added 2024/04/10 12:0 a.m. | 28 views

ROS-20240410-18

The vulnerability of Runc's isolated container launch tool is related to a flaw in the delimitations of the controlled area of the system. Exploitation of the vulnerability could allow an attacker to execute arbitrary code outside the isolated program environment by overwriting executable files...

8.6 CVSS | 7.2 AI score | 0.05076 EPSS
Exploits: 18

OpenVAS
added 2024/04/08 12:0 a.m. | 29 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1483)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 7.2 AI score | 0.05076 EPSS
Exploits: 18 | References: 2

Tenable Nessus
added 2024/04/08 12:0 a.m. | 26 views

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-1504)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...

8.6 CVSS | 7.4 AI score | 0.05076 EPSS
Exploits: 18 | References: 2

Tenable Nessus
added 2024/04/08 12:0 a.m. | 31 views

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-1483)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...

8.6 CVSS | 7.4 AI score | 0.05076 EPSS
Exploits: 18 | References: 2

OpenVAS
added 2024/04/08 12:0 a.m. | 29 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1504)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 7.2 AI score | 0.05076 EPSS
Exploits: 18 | References: 2

Rockylinux
added 2024/04/05 2:56 p.m. | 15 views

container-tools:rhel8 bug fix update

An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...

7.3 AI score
Exploits: 0

GithubExploit
added 2024/04/03 11:45 a.m. | 73 views

Exploit for File Descriptor Leak in Linuxfoundation Runc

CVE-2024-21626 POC Requirements runc 1.1.0 /proc/self/c...

8.6 CVSS | 7.6 AI score | 0.05076 EPSS
Exploits: 18

IBM Security Bulletins
added 2024/03/28 10:0 p.m. | 54 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc [CVE-2024-21626]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc, caused by an internal file descriptor leak CVE-2024-21626. Open Container Initiative runc is part of the gcc utils used by our service runtimes. This...

8.6 CVSS | 8.4 AI score | 0.05076 EPSS
Exploits: 18 | Affected Software: 1

GithubExploit
added 2024/03/15 10:38 a.m. | 384 views

Exploit for File Descriptor Leak in Linuxfoundation Runc

PoC of CVE-2024-21626 Read my full article for detailed explan...

8.6 CVSS | 7.6 AI score | 0.05076 EPSS
Exploits: 18

RedHat Linux
added 2024/03/12 12:1 p.m. | 63 views

Important: Red Hat Security Advisory: docker security update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.6 CVSS | 7 AI score | 0.05076 EPSS
Exploits: 18 | References: 4

RedHat Linux
added 2024/03/12 12:1 p.m. | 1 views

runc: file descriptor leak

A file descriptor leak issue was found in the runc package. While a user performs O_CLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd(2), which means that the reference can be kept alive in the container by configuring the working...

8.6 CVSS | 7 AI score | 0.05076 EPSS
Exploits: 18 | References: 6

OpenVAS
added 2024/03/12 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1234)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 7.2 AI score | 0.05076 EPSS
Exploits: 18 | References: 2

OpenVAS
added 2024/03/12 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1212)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 7.2 AI score | 0.05076 EPSS
Exploits: 18 | References: 2