EUVD-2022-7476

Malicious code in bioql PyPI...

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities

Summary Ansible-operator and opm is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-23471 DESCRIPTION: containerd is...

Ubuntu 16.04 ESM : containerd vulnerabilities (USN-5521-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5521-1 advisory. It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were...

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-2190)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container c...

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2023-2142)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container c...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in containerd

Summary Multiple vulnerabilities in containerd used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups...

Amazon Linux 2 : containerd (ALASDOCKER-2023-023)

The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2023-023 advisory. containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user c...

SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2023:1628-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1628-1 advisory. - containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust...

SUSE SLES12 Security Update : containerd (SUSE-SU-2023:1566-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1566-1 advisory. - containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the...

EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1580)

According to the versions of the containerd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the hos...

Huawei EulerOS: Security Advisory for containerd (EulerOS-SA-2023-1580)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CBL Mariner 2.0 Security Update: moby-containerd (CVE-2022-23471)

The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23471 advisory. - containerd is an open source container runtime. A bug was found in containerd's CRI implementation...

Huawei EulerOS: Security Advisory for containerd (EulerOS-SA-2023-1462)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for containerd (EulerOS-SA-2023-1437)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1421)

According to the versions of the containerd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can...

EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1406)

According to the versions of the containerd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can...

SUSE SLES12 Security Update : containerd (SUSE-SU-2022:4409-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4409-1 advisory. - containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memor...

CVE-2022-23471 containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, f...

CVE-2022-23471 containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, f...

containerd 资源管理错误漏洞

containerd is an industry-standard container runtime open-sourced by containerd. A resource management error vulnerability exists in containerd versions prior to 1.6.12, 1.5.16, and prior to 1.5.16. The vulnerability stems from a bug found in containerd's CRI implementation, which can be exploite...