340 matches found
CVE-2021-23218 Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...
Mirantis Container Runtime 安全漏洞
Mirantis Container Runtime is an advanced runtime from Mirantis, Inc. It is used to efficiently run Swarm and Kubernetes containers on any substrate. A security vulnerability exists in Mirantis Container Runtime 20.10.8, which stems from a memory leak during the TLS handshake, which could be abus...
DEBIAN-CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...
devices resource list treated as a blacklist by default
Impact Contrary to the OCI runtime specification, runc's implementation of the linux.resources.devices list was a black-list by default. This means that users who created their own config.json objects and didn't prefix a deny-all rule "allow": false, "permissions": "rwm" or equivalent were not...
GHSA-G54H-M393-CPWQ devices resource list treated as a blacklist by default
Impact Contrary to the OCI runtime specification, runc's implementation of the linux.resources.devices list was a black-list by default. This means that users who created their own config.json objects and didn't prefix a deny-all rule "allow": false, "permissions": "rwm" or equivalent were not...
DEBIAN-CVE-2021-43784
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...
[SECURITY] Fedora 35 Update: containerd-1.5.8-1.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 34 Update: containerd-1.5.8-1.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 35 Update: containerd-1.5.7-1.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 34 Update: containerd-1.5.7-1.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Design/Logic Flaw
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...
CVE-2021-41103
CVE-2021-41103 affects containerd and stems from insufficiently restricted permissions on container root directories and some plugins, enabling unprivileged host users to traverse directories, read/modify files, and potentially execute programs (including those with extended permission bits). The...
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances ACI services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...
USN-4867-1 runc vulnerabilities
It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. CVE-2019-16884 Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious...
USN-5032-2: Docker vulnerabilities
USN-5032-1 fixed vulnerabilities in Docker. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them...
Ubuntu 18.04 LTS / 20.04 LTS : containerd vulnerabilities (USN-5012-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5012-1 advisory. It was discovered that containerd incorrectly handled file permission changes. If a user or automated system were tricked into launching a specially...
CVE-2021-32760
CVE-2021-32760 affects containerd prior to 1.4.8 and 1.5.4. A crafted container image could cause Unix file permission changes on host files when pulling/extracting, potentially denying access, widening permissions, or setting bits like setuid/setgid/sticky. The flaw does not directly unlock read...
CVE-2021-32760
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...
MGASA-2021-0248 Updated docker-containerd packages fix security vulnerability
In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect...
OESA-2021-1215 runc security update
runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly...