Security update for buildah

This update for buildah fixes the following issues: CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Other fixes: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless bsc1252543 Patch Instructions: To...

SUSE-SU-2025:4074-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Other fixes: - podman and buildah with runc 1.3.2 fail with lots of warnings as rootless bsc1252543...

SUSE-SU-2025:21038-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed various container breakouts bsc1252376: - Fixed podman & buildah with runc 1.3.2 fail with lots of warnings as rootless bsc1252543...

SUSE CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

AZL-69812 CVE-2024-25621 affecting package moby-containerd for versions less than 1.6.26-13

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

AZL-69815 CVE-2024-25621 affecting package moby-containerd-cc for versions less than 1.7.7-13

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

AZL-69808 CVE-2024-25621 affecting package containerd2 for versions less than 2.0.0-16

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

AZL-69734 CVE-2024-25621 affecting package moby-containerd-cc for versions less than 1.7.7-10

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

UBUNTU-CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

CVE-2024-25621 containerd affected by a local privilege escalation via wide permissions on CRI directory

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

CVE-2024-25621

CVE-2024-25621 affects containerd: versions 0.1.0–1.7.28, 2.0.0-beta.0–2.0.6, 2.1.0-beta.0–2.1.4, and 2.2.0-beta.0–2.2.0-rc.1 create directories with overly broad permissions (e.g., /var/lib/containerd, /run/containerd/io.containerd.grpc.v1.cri, /run/containerd/io.containerd.sandbox.controller.v1...

CVE-2024-25621 containerd affected by a local privilege escalation via wide permissions on CRI directory

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

EUVD-2024-22942

containerd affected by a local privilege escalation via wide permissions on CRI directory...

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

CVE-2025-52881

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...