618 matches found
container-tools:1.0 security update
buildah 1.5-8.gite94b4f9.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.5-8.gite94b4f9 - bump release to preserve upgrade path - Related: 1821193 1.5-4.gite94b4f9 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build proces...
openSUSE Security Update : buildah / libcontainers-common / podman (openSUSE-2021-310)
This update for buildah, libcontainers-common, podman fixes the following issues : Changes in libcontainers-common : - Update common to 0.33.0 - Update image to 5.9.0 - Update podman to 2.2.1 - Update storage to 1.24.5 - Switch to seccomp profile provided by common instead of podman - Update...
openSUSE Security Update : firejail (openSUSE-2021-271)
This update for firejail fixes the following issues : firejail 0.9.64.4 is shipped to openSUSE Leap 15.2 - CVE-2021-26910: Fixed root privilege escalation due to race condition boo1181990 Update to 0.9.64.4 : - disabled overlayfs, pending multiple fixes - fixed launch firefox for open url in...
Firejail: Multiple vulnerabilities
Background: A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description: Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below f...
Authorization Bypass
firejail is vulnerable to authorization bypass. The library does not apply the seccomp filter to processes that join later, which may allow a malicious process to modify files from inside the jail...
qemu security update
CentOS Errata and Security Advisory CESA-2020:3906 An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CentOS 7 : qemu-kvm (RHSA-2020:3906)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3906 advisory. - qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for...
Ubuntu: Security Advisory (USN-4574-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS : libseccomp-golang vulnerability (USN-4574-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4574-1 advisory. It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple...
USN-4574-1: libseccomp-golang vulnerability
It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp...
qemu-kvm security, bug fix, and enhancement update
1.5.3-175.el7 - kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch bz1810408 - Resolves: bz1810408 CVE-2019-20382 qemu-kvm: QEMU: vnc: memory leakage upon disconnect rhel-7 1.5.3-174.el7 - kvm-util-add-slirpfmt-helpers2.patch bz1800515 - kvm-tcpemu-fix-unsafe-snprintf-usages2.patch bz1800515 -...
openSUSE Security Update : conmon / fuse-overlayfs / libcontainers-common / etc (openSUSE-2020-1552)
This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues : podman was updated to v2.0.6 bsc1175821 - install missing systemd units for the new Rest API bsc1175957 and a few man-pages that were missing before - Drop varlink API related bits in favor of the n...
QEMU: seccomp: blacklist is not applied to all threads
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread...
Low: Red Hat Security Advisory: qemu-kvm-ma security update
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
QEMU: seccomp: blacklist is not applied to all threads
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread...
RHEL 7 : qemu-kvm (RHSA-2020:3906)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3906 advisory. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide th...
Security update for conmon, fuse-overlayfs, libcontainers-common, podman (moderate)
openSUSE Security Update: Security update for conmon, fuse-overlayfs, libcontainers-common, podman Announcement ID: openSUSE-SU-2020:1559-1 Rating: moderate References: 1162432 1164090 1165738 1171578 1174075 1175821 1175957 Cross-References: CVE-2020-1726 Affected Products: openSUSE Leap 15.2 An...
PT-2021-1501 · Flatpak +9
Name of the Vulnerable Software and Affected Versions: Flatpak versions prior to 1.10.4 and 1.12.0 Description: The issue is related to the lack of blocking in the seccomp filter for mount-related system calls, which can be exploited to gain access to confidential data, disrupt its integrity, and...
Debian: Security Advisory (DLA-2320-1)
The remote host is missing an update for the Debian...
CVE-2020-0261
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...