618 matches found

Prion
added 2023/01/26 9:18 p.m. · 20 views

Design/Logic Flaw

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context...

CVSS 6.5 · AI score 7.4 · EPSS 0.00647
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/01/25 12:0 a.m. · 5 views

CVE-2023-0229

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context...

AI score 6.9 · EPSS 0.00647
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/25 12:0 a.m. · 4 views

PT-2023-16097 · Red Hat · Openshift

Name of the Vulnerable Software and Affected Versions: OpenShift versions 4.11 through 4.12 Description: A flaw was found in the apiserver-library-go package that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." The seccomp profile used in the...

CVSS 6.3 · AI score 6.1 · EPSS 0.00647
Exploits: 0 · References: 7

Tenable Nessus
added 2023/01/25 12:0 a.m. · 39 views

AlmaLinux 9 : kernel (ALSA-2023:0334)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0334 advisory. - A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pi...

CVSS 7.8 · AI score 7.1 · EPSS 0.21314
Exploits: 1 · References: 7

Tenable Nessus
added 2023/01/25 12:0 a.m. · 40 views

AlmaLinux 9 : kernel-rt (ALSA-2023:0300)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0300 advisory. - A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pi...

CVSS 7.8 · AI score 7.1 · EPSS 0.21314
Exploits: 1 · References: 7

Cvelist
added 2023/01/25 12:0 a.m. · 40 views

CVE-2023-0229

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context...

AI score 6.7 · EPSS 0.00647
Exploits: 0 · References: 1

Tenable Nessus
added 2023/01/25 12:0 a.m. · 36 views

Oracle Linux 9 : kernel (ELSA-2023-0334)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0334 advisory. - drm/i915: fix TLB invalidation for Gen12 video and compute engines Wander Lairson Costa 2148152 2148153 CVE-2022-4139 - pipe: Fix missing lock in...

CVSS 7.8 · AI score 7.2 · EPSS 0.21314
Exploits: 1 · References: 7

CVE
added 2023/01/25 12:0 a.m. · 159 views

CVE-2023-0229

CVE-2023-0229 is tied to the OpenShift apiserver-library-go component. The flaw allows low-privilege users to alter the seccomp profile of pods they control to unconfined, taking advantage of the default restricted-v2 SCC seccomp profile (runtime/default). The vulnerability originates f...

CVSS 6.3 · AI score 6 · EPSS 0.00647
Exploits: 0 · References: 1 · Affected Software: 1

RedHat Linux
added 2023/01/23 3:23 p.m. · 1 views

kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option

A flaw was found in the Linux kernel. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag, possibly disabling seccomp...

CVSS 7.8 · AI score 6.7 · EPSS 0.00789
Exploits: 1 · References: 4

RedHat Linux
added 2023/01/23 3:21 p.m. · 0 views

kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option

A flaw was found in the Linux kernel. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag, possibly disabling seccomp...

CVSS 7.8 · AI score 6.7 · EPSS 0.00789
Exploits: 1 · References: 4

Tenable Nessus
added 2023/01/23 12:0 a.m. · 42 views

RHEL 9 : kernel-rt (RHSA-2023:0300)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0300 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVSS 7.8 · AI score 7.3 · EPSS 0.21314
Exploits: 1 · References: 14

Tenable Nessus
added 2023/01/23 12:0 a.m. · 37 views

RHEL 9 : kernel (RHSA-2023:0334)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0334 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: watch queue race condition can...

CVSS 7.8 · AI score 7.1 · EPSS 0.21314
Exploits: 1 · References: 16

OSV
added 2023/01/17 6:54 p.m. · 11 views

GSD-2023-1001220 seccomp: Move copy_seccomp() to no failure path.

seccomp: Move copy_seccomp() to no failure path. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...

AI score 7.2
Exploits: 0

OSV
added 2023/01/17 6:17 p.m. · 14 views

GSD-2023-1000848 seccomp: Move copy_seccomp() to no failure path.

seccomp: Move copy_seccomp() to no failure path. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

AI score 7.2
Exploits: 0

Rockylinux
added 2023/01/12 8:25 a.m. · 10 views

container-tools:rhel8 bug fix and enhancement update

An update is available for runc, aardvark-dns, podman, oci-seccomp-bpf-hook, buildah, toolbox, slirp4netns, criu, cockpit-podman, fuse-overlayfs, container-selinux, conmon, libslirp, containernetworking-plugins, udica, containers-common, netavark, skopeo, crun, python-podman. This update affects...

AI score 1.1
Exploits: 0

RedhatCVE
added 2023/01/12 6:37 a.m. · 43 views

CVE-2023-0229

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context...

CVSS 6.3 · AI score 6.1 · EPSS 0.00647
Exploits: 0 · References: 4

CNNVD
added 2023/01/12 12:0 a.m. · 4 views

Red Hat OpenShift Input Validation Error Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. An input validation error vulnerability exists in Red Hat OpenShift versions 4.12 and 4.11, which originates from allowing users to s...

CVSS 6.3 · AI score 6.4 · EPSS 0.00647
Exploits: 0 · References: 5

Rockylinux
added 2022/11/15 6:12 a.m. · 15 views

oci-seccomp-bpf-hook bug fix and enhancement update

An update is available for oci-seccomp-bpf-hook. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Roc...

AI score 2
Exploits: 0

Oracle linux
added 2022/11/15 12:0 a.m. · 45 views

container-tools:4.0 security and bug fix update

buildah 1:1.24.5-2 - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 https://github.com/containers/buildah/commit/8cc4586 - Related: 2061390 1:1.24.5-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.24...

CVSS 7.8 · AI score 8.7 · EPSS 0.03931
Exploits: 1

Oracle linux
added 2022/11/15 12:0 a.m. · 44 views

container-tools:3.0 security update

buildah 1.19.9-6 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 https://github.com/containers/buildah/commit/6d7f496 - Related: 2061390 1.19.9-5 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19...

CVSS 8.5 · AI score 8.6 · EPSS 0.06604
Exploits: 4