13 matches found
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
...
SUSE-RU-2023:2566-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: branch-network-formula: - Update to version 0.1.1680167239.23f2fec Remove unnecessary import of 'salt.ext.six' cobbler: - Fix cobbler buildiso so that the artifact can be booted by EFI firmware. bsc1206060 - Switch packaging from patch based to Git tree bas...
Security Bulletin: IBM Netezza as a Service is vulnerable to CVE-2022-0811
Summary IBM Netezza as a Service is vulnerable to arbitrary code execution as root on the cluster node due to CVE-2022-0811 although severity is low. Vulnerability is addressed by upgrading OCP version to 4.8.42. Vulnerability Details CVEID: CVE-2022-0811 DESCRIPTION: CRI-O could allow a remote...
New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives,...
Oracle Linux 7 / 8 : cri-o (ELSA-2022-9228)
The remote Oracle Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9228 advisory. 1.20.7-1 - Added Oracle Specifile Files for cri-o Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
AZL-37070 CVE-2022-0811 affecting package cri-o for versions less than 1.22.3-1
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...
CVE-2022-0811
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...
Code injection
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...
PT-2022-1850 · Cri-O +2
Name of the Vulnerable Software and Affected Versions: CRI-O versions 1.19 through 1.23.1 CRI-O versions prior to 1.19.6 CRI-O versions prior to 1.20.7 CRI-O versions prior to 1.21.6 CRI-O versions prior to 1.22.3 CRI-O versions prior to 1.23.2 CRI-O version 1.24.0 and earlier Description: A flaw...
openSUSE Security Update : cobbler (openSUSE-2018-952)
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
Security update for cobbler (important)
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
SUSE-SU-2018:2551-1 Security update for cobbler
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
Fedora 16 : cifs-utils-5.4-1.fc16 (2012-6375)
This updates the cifs-utils package to version 5.4, which contains a number of bugfixes and enhancements. Highlights include: - mount.cifs now supports the -s option by passing 'sloppy' to the kernel in the options string - cifs.upcall now properly respects the domainrealm section in krb5.conf -...