oval:org.secpod.oval:def:19500240
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes '/sys/fs/cgroup' writable in the following conditions: 1. when runc is executed inside the user namespace, and the 'config.json' does not specify the cgrou ...

oval:org.secpod.oval:def:708158
runc: Open Container Project. Several security issues were fixed in runC.

oval:org.secpod.oval:def:93197
runc: Open Container Project. Several security issues were fixed in runC.

oval:org.secpod.oval:def:1506790
runc [1:1.1.4-1.0.1] - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflict with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589

oval:org.secpod.oval:def:1701337
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgrou ...

oval:org.secpod.oval:def:1506775
runc [1:1.1.4-1.0.1] - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflict with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589

oval:org.secpod.oval:def:89048758
This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: * CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared. * CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability. * CVE-2023-28642: Fixed AppArmor/SE ...

oval:org.secpod.oval:def:1701422
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgrou ...

oval:org.secpod.oval:def:1701377
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgrou ...

oval:org.secpod.oval:def:508080
The runC tool is a lightweight, portable implementation of the Open Container Format that provides a container runtime. Security Fix: golang: crypto/tls: large handshake records may cause panics; runc: Rootless runc makes `/sys/fs/cgroup` writable; runc: volume mount race condition; runc: AppArmor c ...

oval:org.secpod.oval:def:2600400
The runC tool is a lightweight, portable implementation of the Open Container Format that provides a container runtime.

oval:org.secpod.oval:def:508170
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents; golang: html/template: improper handling of JavaScript whitespace; net ...

oval:org.secpod.oval:def:2501232
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

oval:org.secpod.oval:def:2501244
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

oval:org.secpod.oval:def:508206
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents; golang: html/template: improper handling of JavaScript whitespace; net ...