Security update for podman

This update for podman fixes the following issues: CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service DoS bsc1231698 Load iptables and ip6tables kernel module bsc1214612 Required for rootless mode as a...

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:3741-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3741-1 advisory. - CVE-2024-9675: Fixed cache arbitrary directory mount bsc1231499. - CVE-2024-9407: Fixed improper Input Validation i...

Security update for podman

This update for podman fixes the following issues: CVE-2024-9675: Fixed cache arbitrary directory mount bsc1231499. CVE-2024-9407: Fixed improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208. The following non-security bug was fixed: rootless ipv6...

SUSE-SU-2024:3741-1 Security update for podman

This update for podman fixes the following issues: - CVE-2024-9675: Fixed cache arbitrary directory mount bsc1231499. - CVE-2024-9407: Fixed improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208. The following non-security bug was fixed: - rootless...

SUSE SLES15 Security Update : buildah (SUSE-SU-2024:3186-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3186-1 advisory. Update to version 1.35.4: CVE-2024-3727 updates bsc1224117 Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180...

SUSE-SU-2024:3186-1 Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.4: CVE-2024-3727 updates bsc1224117 Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3: correctly configure /etc/hosts and resolv.conf buildah: refactor resolv/hosts setup. rename...

SUSE: Security Advisory (SUSE-SU-2024:3186-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : buildah, docker (SUSE-SU-2024:3120-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3120-1 advisory. Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267 -...

CVE-2024-45310 runc can be confused to create empty files/directories on the host

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1867)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

How to Make Veeam Kasten for Kubernetes Grafana Pod rootless

Purpose This article explains how to disable init-container in k10-grafana to run it as rootless. Cause Veeam Kasten for Kubernetes installation provides an instance of Grafana that is deployed automatically and can be used to query metrics from Kasten's Prometheus instance. This grafana pod is r...

[SECURITY] Fedora 40 Update: netavark-1.10.3-3.fc40

OCI network stack Netavark is a rust based network stack for containers. It is being designed to work with Podman but is also applicable for other OCI container management applications. Netavark is a tool for configuring networking for Linux containers. Its features include: Configuration of...

Fedora: Security Advisory for netavark (FEDORA-2024-a267e93f8c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:4936-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2023:4936-1 Security update for docker, rootlesskit

This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/2407. bsc1217513 Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc1170415...

runc: Rootless runc makes `/sys/fs/cgroup` writable

A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service...

runc: Rootless runc makes `/sys/fs/cgroup` writable

A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service...

NewStart CGSL MAIN 6.06 : containerd.io Multiple Vulnerabilities (NS-SA-2023-0139)

The remote NewStart CGSL host, running version MAIN 6.06, has containerd.io packages installed that are affected by multiple vulnerabilities: - runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes...

RHEL 9 : runc (RHSA-2023:6380)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6380 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...

Rocky Linux 8 : container-tools:rhel8 (RLSA-2021:1796)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1796 advisory. - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause ...