
789 matches found

CNNVD
added 2022/04/19 12:0 a.m., 5 views

Amazon Linux Security Vulnerability

Amazon Linux AMI is an application: a supported and maintained Linux image provided by Amazon Web Services for the Amazon Elastic Compute Cloud (Amazon EC2). A security vulnerability exists in Amazon Linux 1 and Amazon Linux 2 that stems from an incomplete fix in the log4j-cve-2021-44228-hotpatch...

CVSS 10, AI score 7.4, EPSS 0.94358
Exploits 344, References 3

Amazon
added 2022/01/28 12:0 a.m., 1 view

Important: kernel

Issue Overview: An out-of-bounds write flaw was found in the Linux kernel's seqfile in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from no...

CVSS 7.8, AI score 6.6, EPSS 0.01783
Exploits 6

Amazon
added 2022/01/28 12:0 a.m., 6 views

Medium: kernel

Issue Overview: A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality...

CVSS 7, AI score 6.7, EPSS 0.00037
Exploits 1

Amazon
added 2021/12/18 12:0 a.m., 2 views

Medium: kernel-livepatch-4.14.252-195.481

Issue Overview: No CVE associated with this advisory. Affected Packages: kernel-livepatch-4.14.252-195.481. Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.252-195.481 or yum update --advisory ALAS2LIVEPATCH-2021-070 to update your system. New...

CVSS 4.4, AI score 7, EPSS 0.00017
Exploits 1

Amazon
added 2021/12/18 12:0 a.m., 3 views

Medium: kernel-livepatch-4.14.252-195.483

Issue Overview: No CVE associated with this advisory. Affected Packages: kernel-livepatch-4.14.252-195.483. Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.252-195.483 or yum update --advisory ALAS2LIVEPATCH-2021-069 to update your system. New...

CVSS 4.4, AI score 7, EPSS 0.00017
Exploits 1

Amazon
added 2021/12/18 12:0 a.m., 6 views

Medium: kernel-livepatch-4.14.246-187.474

Issue Overview: No CVE associated with this advisory. Affected Packages: kernel-livepatch-4.14.246-187.474. Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.246-187.474 or yum update --advisory ALAS2LIVEPATCH-2021-072 to update your system. New...

CVSS 4.4, AI score 7, EPSS 0.00017
Exploits 1

Amazon
added 2021/11/18 12:0 a.m., 1 view

Medium: docker

Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...

CVSS 6.8, AI score 7, EPSS 0.00351
Exploits 0

Amazon
added 2021/11/18 12:0 a.m., 6 views

Medium: docker

Issue Overview: Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

CVSS 6.5, AI score 6.8, EPSS 0.0042
Exploits 0

Amazon
added 2021/11/18 12:0 a.m., 29 views

Important: docker

Issue Overview: A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use (TOCTOU) vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause...

CVSS 7.5, AI score 7, EPSS 0.07297
Exploits 2

Amazon
added 2021/11/18 12:0 a.m., 4 views

Medium: containerd

Issue Overview: A flaw was found in containerd. Credentials may be leaked during an image pull. CVE-2020-15157. Affected Packages: containerd. Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for t...

CVSS 6.1, AI score 6.8, EPSS 0.00777
Exploits 1

Amazon
added 2021/11/18 12:0 a.m., 6 views

Medium: docker

Issue Overview: The default OCI Linux spec in oci/defaultslinux.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness. CVE-2018-10892 Affected...

CVSS 6.3, AI score 7, EPSS 0.00114
Exploits 0

Amazon
added 2021/11/18 12:0 a.m., 7 views

Important: runc

Issue Overview: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVE-2019-16884. A flaw was...

CVSS 7.5, AI score 6.8, EPSS 0.0032
Exploits 1

Amazon
added 2021/11/18 12:0 a.m., 3 views

Medium: containerd

Issue Overview: A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network...

CVSS 5.2, AI score 6.8, EPSS 0.12378
Exploits 4

Amazon
added 2021/11/18 12:0 a.m., 2 views

Medium: containerd, docker

Issue Overview: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby (Docker Engine) prior to 20.10.11 and versions of...

CVSS 5, AI score 7, EPSS 0.00498
Exploits 0

Amazon
added 2021/11/18 12:0 a.m., 3 views

Medium: docker

Issue Overview: Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

CVSS 6.5, AI score 6.8, EPSS 0.0042
Exploits 0

Amazon
added 2021/11/18 12:0 a.m., 9 views

Important: runc

Issue Overview: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVE-2019-16884. A flaw was...

CVSS 7.5, AI score 6.8, EPSS 0.0032
Exploits 1

Amazon
added 2021/11/12 12:0 a.m., 3 views

Important: kernel-livepatch-5.10.62-55.141

Issue Overview: No CVE associated with this advisory. Affected Packages: kernel-livepatch-5.10.62-55.141. Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.62-55.141 or yum update --advisory ALAS2LIVEPATCH-2021-068 to update your system. New...

CVSS 7.8, AI score 7, EPSS 0.0168
Exploits 2

Amazon
added 2021/09/21 12:0 a.m., 6 views

Important: kernel-livepatch-4.14.243-185.433

Issue Overview: No CVE associated with this advisory. Affected Packages: kernel-livepatch-4.14.243-185.433. Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.243-185.433 or yum update --advisory ALAS2LIVEPATCH-2021-062 to update your system. New...

CVSS 7, AI score 7, EPSS 0.00037
Exploits 0

Amazon
added 2021/09/21 12:0 a.m., 5 views

Important: kernel-livepatch-4.14.241-184.433

Issue Overview: No CVE associated with this advisory. Affected Packages: kernel-livepatch-4.14.241-184.433. Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.241-184.433 or yum update --advisory ALAS2LIVEPATCH-2021-063 to update your system. New...

CVSS 7, AI score 7, EPSS 0.00037
Exploits 0

Amazon
added 2021/09/21 12:0 a.m., 2 views

Important: kernel-livepatch-4.14.232-177.418

Issue Overview: No CVE associated with this advisory. Affected Packages: kernel-livepatch-4.14.232-177.418. Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.232-177.418 or yum update --advisory ALAS2LIVEPATCH-2021-060 to update your system. New...

CVSS 7, AI score 7, EPSS 0.00037
Exploits 0