SUSE-SU-2023:3536-1 Security update for docker

This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelong online at bsc1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc1213120 - Recommend...

buildah security update

runc 1:1.1.4-1.0.1 - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589...

Amazon Linux 2023 : runc (ALAS2023-2023-208)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-208 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following...

Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2023-024)

The version of runc installed on the remote host is prior to 1.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2023-024 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions ...

Important: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not...

Important: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not...

Important: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not...

fuse-overlayfs bug fix and enhancement update

An update is available for fuse-overlayfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fuse-overlayfs package provides an overlayfs FUSE implementation,...

USN-6088-1 runc vulnerabilities

It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. CVE-2023-25809 It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could...

CVE-2023-32080

Summary: CVE-2023-32080 affects Wings (Pterodactyl Panel) prior to v1.7.5 and v1.11.0 prior to v1.11.6. Affected code paths allow an attacker to escalate by injecting commands via the server install script (or user data/environment variables) to gain access to the host running Wings. The issue is...

CVE-2023-30549 Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer 1.1.0 and installations that include apptainer-suid 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterpri...

OESA-2023-1204 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following...

Improper Access Control

github.com/opencontainers/runc is vulnerable to Improper Access Control. The vulnerability exists because the rootless runc makes /sys/fs/cgroup writable when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g..,...

SUSE SLES12 Security Update : runc (SUSE-SU-2023:1726-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1726-1 advisory. - runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that...

rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

...

GHSA-M8CG-XC2P-R3FC rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...

SUSE CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

AZL-25851 CVE-2023-25809 affecting package moby-runc for versions less than 1.1.5-1

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

DEBIAN-CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

Design/Logic Flaw

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...