Download
| Alert*
oval:org.secpod.oval:def:42571
runc is installed oval:org.secpod.oval:def:503434 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * QEMU: slirp: heap buffer overflow during packet reassembly * containers/image: not enforcing TLS when sending username+password credentials to token servers leading to c ... oval:org.secpod.oval:def:503650 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu For more details about the security issue, including the impact, a CVSS score, acknowledgments, a ... oval:org.secpod.oval:def:42574 The host is installed with RunC on Ubuntu 16.04, 17.04 or 17.10 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly treat a numeric UID. Successful exploitation could allow attackers to to gain privileges via a numeric username in the p ... oval:org.secpod.oval:def:42584 libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. oval:org.secpod.oval:def:118793 Utility that allows users to manage packages on their systems. It supports RPMs, modules and comps groups and environments. oval:org.secpod.oval:def:66473 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * QEMU: slirp: heap buffer overflow during packet reassembly * containers/image: not enforcing TLS when sending username+password credentials to token servers leading to c ... oval:org.secpod.oval:def:66540 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu For more details about the security issue, including the impact, a CVSS score, acknowledgments, a ... oval:org.secpod.oval:def:111904 runc is installed oval:org.secpod.oval:def:506494 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * buildah: Host environment variables leaked in build container when using chroot isolation * containers/storage: DoS via malicious image For more details about the secur ... oval:org.secpod.oval:def:506528 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * buildah: Host environment variables leaked in build container when using chroot isolation For more details about the security issue, including the impact, a CVSS score, ... oval:org.secpod.oval:def:2501003 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:2501004 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:2501005 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:504747 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters * QEMU: slirp: networking out-of-bounds read information disclosure vulne ... oval:org.secpod.oval:def:507383 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: * runc: incorrect handling of inheritable capabilities For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ... oval:org.secpod.oval:def:72108 runc: Open Container Project runC could be made to overwrite files as the administrator. oval:org.secpod.oval:def:1504763 buildah [1.11.6-8.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-8] - exclude i686 arch - Related: #1821193 [1.11.6-7] - fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file ... oval:org.secpod.oval:def:2500401 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1504749 buildah [1.5-8.gite94b4f9.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.5-8.gite94b4f9] - bump release to preserve upgrade path - Related: #1821193 [1.5-4.gite94b4f9] - fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build ... oval:org.secpod.oval:def:89048871 This update of runc fixes the following issues: * rebuild the package with the go 19.9 secure release . oval:org.secpod.oval:def:1506199 aardvark-dns [2:1.1.0-5] - fix Two aardvark-dns instances trying to use the same port on the same interface - Resolves: #2130234 buildah [1:1.27.2-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.27 - Resolves: #2136438 [1:1.27.2-1] - update to the latest con ... oval:org.secpod.oval:def:507287 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * podman: possible information disclosure and modification * buildah: possible information disclosure and modification For more details about the security issue, includin ... oval:org.secpod.oval:def:115800 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:115801 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:116003 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:50973 Utility that allows users to manage packages on their systems. It supports RPMs, modules and comps groups and environments. oval:org.secpod.oval:def:507262 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * cri-o: memory exhaustion on the node when access to the kube api * golang: crash in a golang.org/x/crypto/ssh server * runc: incorrect handling of inheritable capabilit ... oval:org.secpod.oval:def:507303 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http/httputil: panic due to racy read of persistConn after handler panic * cri-o: memory exhaustion on the node when access to the kube api * golang: crash ... oval:org.secpod.oval:def:1506184 aardvark-dns [2:1.1.0-4] - remove windows binaries and regenerate vendor tarball - Related: #2061390 [2:1.1.0-3] - add gating.yaml - Related: #2061390 [2:1.1.0-2] - bump Epoch to preserve upgrade path - Related: #2061390 [1.1.0-1] - initial import - Related: #2061390 buildah [1:1.27.0-2] - fix CVE-2 ... oval:org.secpod.oval:def:1506180 buildah [1:1.24.5-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 - Related: #2061390 [1:1.24.5-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 - Related: #2061390 cockpit-podman [46-1] - update to https://gi ... oval:org.secpod.oval:def:1505450 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505218 buildah [1.19.9-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - fixes CVE-2021-3602 - Related: #1977943 oval:org.secpod.oval:def:4501269 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * buildah: Host environment variables leaked in build container when using chroot isolation For more details about the security issue, including the impact, a CVSS score, ... oval:org.secpod.oval:def:2500995 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:2500994 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1505242 buildah [1.11.6-9.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-9] - update to the latest content of https://github.com/containers/buildah/tree/release-1.11-rhel - fixes CVE-2021-3602 - Related: ... oval:org.secpod.oval:def:4501283 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * buildah: Host environment variables leaked in build container when using chroot isolation For more details about the security issue, including the impact, a CVSS score, ... oval:org.secpod.oval:def:119751 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiatives specifications, and to manage containers running under runc. oval:org.secpod.oval:def:4501295 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * buildah: Host environment variables leaked in build container when using chroot isolation * containers/storage: DoS via malicious image For more details about the secur ... oval:org.secpod.oval:def:118817 Utility that allows users to manage packages on their systems. It supports RPMs, modules and comps groups and environments. oval:org.secpod.oval:def:117208 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:117203 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:1505316 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505284 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:111903 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:89049810 This update of runc fixes the following issues: * Update to runc v1.1.8. Upstream changelog is available from less than https://github.com/opencontainers/runc/releases/tag/v1.1.8greater than . * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:5800129 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: * runc: incorrect handling of inheritable capabilities For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ... oval:org.secpod.oval:def:2600066 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. oval:org.secpod.oval:def:87154 [4:1.1.4-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: #2061316 oval:org.secpod.oval:def:123958 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:1505585 buildah [1.11.6-10.0.1] - Handling redirect from the docker registry [Orabug: 29874238] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] [1.11.6-10] - update to the latest content of https://github.com/containers/buildah/tree/release-1.11-rhel - fixes CVE-2022-27649 podman ... oval:org.secpod.oval:def:2500629 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1505688 buildah [1.19.9-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Resolves: #2067540 container-selinux [2:2.178.0-2] - remove conflict on udica - we still ship udica 2.4 in 3.0-8.6.0 - Related: #2067540 [2:2.178.0-1] - update to https://github.com/contai ... oval:org.secpod.oval:def:2500540 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:4500933 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * psgo: Privilege escalation in "podman top" * prometheus/client_golang: Denial of service using InstrumentHandlerCounter * podman: Default inheritable capabilities for l ... oval:org.secpod.oval:def:1505676 buildah [1:1.24.2-4] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 - Related: #2059296 [1:1.24.2-3] - switch to RHEL maintenance branch which fixes CVE-2022-27651 - Resolves: #2067559 [1:1.24.2-2] - Add patch to fix bash symtax for gating tests - Upstream ... oval:org.secpod.oval:def:2500251 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:2500378 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:4500026 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:1505583 buildah [1.19.9-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - fixes CVE-2022-27651 - Resolves: #2067539 podman [3.0.1-8] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel - fixes CVE-2022-27649 - Resolves: #206751 ... oval:org.secpod.oval:def:706019 runc: Open Container Project runC could be made to overwrite files as the administrator. oval:org.secpod.oval:def:1504953 runc [1.0.0-65.rc10] - fix CVE-2021-30465 - Resolves: #1955650 oval:org.secpod.oval:def:4500072 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:73645 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * runc: vulnerable to symlink exchange attack For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information ... oval:org.secpod.oval:def:73644 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * runc: vulnerable to symlink exchange attack For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information ... oval:org.secpod.oval:def:1700778 The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as ... oval:org.secpod.oval:def:1504971 [1.0.0-1.rc95] - Addresses CVE-2021-30465 oval:org.secpod.oval:def:4500098 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:1700750 The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as ... oval:org.secpod.oval:def:2500419 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1505281 [1.0.0-1.rc95] - Addresses CVE-2021-30465 oval:org.secpod.oval:def:2500477 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:73610 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference * podman: Remote traffic to rootless containers is seen as orginating from localho ... oval:org.secpod.oval:def:1505205 cockpit-podman [29-2] - fix gating test failure for cockpit-podman - Related: #1914884 [29-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29 - Related: #1883490 conmon [2:2.0.26-1] - update to https://github.com/containers/conmon/releases/tag/v2.0.26 - Related: #188349 ... oval:org.secpod.oval:def:2500252 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1504647 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:68023 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters * QEMU: slirp: networking out-of-bounds read information disclosure vulne ... oval:org.secpod.oval:def:1505288 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500891 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:2500888 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:42573 The host is installed with RunC on Ubuntu 17.04 or 17.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the container. Successful exploitation could allow attackers to gain access to file-descriptors of new processes duri ... oval:org.secpod.oval:def:112959 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:502164 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: * The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the ma ... oval:org.secpod.oval:def:1502538 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:504373 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu For more details about the security issue, including the impact, a CVSS score, acknowledgments, a ... oval:org.secpod.oval:def:19500263 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where 'runc exec --cap' created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling prog ... oval:org.secpod.oval:def:89051247 This update of runc and containerd fixes the following issues: containerd: * Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful catatonit: * Update to catatonit v0.2.0. * Change license t ... oval:org.secpod.oval:def:19500343 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value oval:org.secpod.oval:def:2501220 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:4501506 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: insufficient sanitization of Host header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other rela ... oval:org.secpod.oval:def:1701571 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value oval:org.secpod.oval:def:3300964 SUSE Security Update: Security update for containerd, docker and runc oval:org.secpod.oval:def:50980 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:116393 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:1504858 [1.0.0-92.rc92] - Add epoch value of 2 to allow upgrade to 1.0.0-92.rc92 from 1.0.0-93.rc93. [1.0.0-92.rc92] - Build for https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92 oval:org.secpod.oval:def:116486 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:50662 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ... oval:org.secpod.oval:def:50663 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ... oval:org.secpod.oval:def:50664 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ... oval:org.secpod.oval:def:115941 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:502609 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc ... oval:org.secpod.oval:def:708158 runc: Open Container Project Several security issues were fixed in runC. oval:org.secpod.oval:def:1506790 runc [1:1.1.4-1.0.1] - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589 oval:org.secpod.oval:def:89048758 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: * CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn"t unshared . * CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability . * CVE-2023-28642: Fixed AppArmor/SE ... oval:org.secpod.oval:def:503573 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: * runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation For more details about the security issue, including the impac ... oval:org.secpod.oval:def:95281 buildah [1:1.24.6-7] - rebuild for CVE-2023-29406 - Related: #2176055 cockpit-podman [46-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46 - Related: #2061390 conmon [2:2.1.4-2] - update to https://github.com/containers/conmon/releases/tag/v2.1.4 - Related: #2176055 co ... oval:org.secpod.oval:def:1700773 runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. A flaw was found in runc. An attacker who con ... oval:org.secpod.oval:def:19500240 runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes '/sys/fs/cgroup' writable in following conditons: 1. when runc is executed inside the user namespace, and the 'config.json' does not specify the cgrou ... oval:org.secpod.oval:def:125320 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:125322 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:1700742 runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. A flaw was found in runc. An attacker who con ... oval:org.secpod.oval:def:1506775 runc [1:1.1.4-1.0.1] - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589 oval:org.secpod.oval:def:1505321 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:125455 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:507747 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* functions * golang: net/http: handle server erro ... oval:org.secpod.oval:def:1506787 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500884 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1506183 buildah [1.19.9-6] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Related: #2061390 [1.19.9-5] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 - Related: #2061390 [1.19.9-4] - update to the latest content of htt ... oval:org.secpod.oval:def:507725 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * golang: go/parser: stack exhaustion in all Parse* functions * golang: net/http: handle server erro ... oval:org.secpod.oval:def:2501244 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:2501232 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:507338 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * golang: net/http: improper sanitization of Transfer-Encoding header * cri-o: memory exhaustion on the node when access to the kube api * golang: go/parser: stack exhaus ... oval:org.secpod.oval:def:1506777 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2600400 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. oval:org.secpod.oval:def:2501010 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1701889 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023 oval:org.secpod.oval:def:19500458 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023 oval:org.secpod.oval:def:1701877 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023 oval:org.secpod.oval:def:1701870 The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023 oval:org.secpod.oval:def:89051457 This update for runc fixes the following issues: * Update to runc v1.1.12 The following CVE was already fixed with the previous release. * CVE-2024-21626: Fixed container breakout. oval:org.secpod.oval:def:98512 It was discovered that runc, a command line client for running applications packaged according to the Open Container Format , was suspectible to multiple container breakouts due to an internal file descriptor leak. oval:org.secpod.oval:def:509020 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: runc: file descriptor leak For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ... oval:org.secpod.oval:def:127143 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. oval:org.secpod.oval:def:98694 runc: Open Container Project runC could be made to expose sensitive information or allow to escape contianers. oval:org.secpod.oval:def:97891 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: runc: file descriptor leak For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ... oval:org.secpod.oval:def:509173 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: runc: file descriptor leak For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ... oval:org.secpod.oval:def:3302372 Security update for runc oval:org.secpod.oval:def:127108 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative';s specifications, and to manage containers running under runc. oval:org.secpod.oval:def:1702081 AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system nam ... oval:org.secpod.oval:def:1702082 AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system nam ... oval:org.secpod.oval:def:89051433 This update for runc fixes the following issues: Update to runc v1.1.11: * CVE-2024-21626: Fixed container breakout oval:org.secpod.oval:def:1702080 AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system nam ... oval:org.secpod.oval:def:708739 runc: Open Container Project runC could be made to expose sensitive information or allow to escape contianers. oval:org.secpod.oval:def:19500589 AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system nam ... oval:org.secpod.oval:def:1507368 buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman [2:4.0.2-26] - rebuild with golang 1.20.12 for CVE-2023-39326 python-podman runc [1:1.1.12-1.0.1] - rebuild with golang 1.20.12 for CVE-2023-393 ... oval:org.secpod.oval:def:509030 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: runc: file descriptor leak A Red Hat Security Bulletin which addresses further details about the Leaky Vessels flaw is available in the References section. golang: net/ht ... oval:org.secpod.oval:def:509098 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: golang: archive/tar: unbounded memory consumption when reading headers golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters golang: net ... oval:org.secpod.oval:def:2501387 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:2600554 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. |