4 matches found
CVE-2019-18837
An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chrootrealpath.c...
CVE-2019-18837
CVE-2019-18837 affects crun prior to 0.10.5. A crafted image can bypass target-symlink checks, granting access to files outside the container via the codepaths in libcrun/linux.c and libcrun/chroot_realpath.c. The vulnerability has multiple vendor/advisory references (Red Hat, Debian, OSV, CVE li...
Fedora 31 : crun (2019-1ba2a6e386)
built version 0.10.5 fix CVE-2019-18837 ---- built version 0.10.4 ---- built version 0.10.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possib...
Fedora 30 : crun (2019-80a2646798)
built version 0.10.5 fix CVE-2019-18837 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...