exploitDog

RLSA-2020:1650

Published: 28 Apr 2020
Source: rocky
Rating: Moderate

Description

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921)

  • containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

  • podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| crit | x86_64 | 9.module+el8.5.0+681+c9a1951f | crit-3.12-9.module+el8.5.0+681+c9a1951f.x86_64.rpm |
| criu | x86_64 | 9.module+el8.5.0+681+c9a1951f | criu-3.12-9.module+el8.5.0+681+c9a1951f.x86_64.rpm |
| python3-criu | x86_64 | 9.module+el8.5.0+681+c9a1951f | python3-criu-3.12-9.module+el8.5.0+681+c9a1951f.x86_64.rpm |
| python-podman-api | noarch | 0.2.gitd0a45fe.module+el8.5.0+770+e2f49861 | python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.5.0+770+e2f49861.noarch.rpm |
| slirp4netns | x86_64 | 3.git21fdece.module+el8.5.0+770+e2f49861 | slirp4netns-0.4.2-3.git21fdece.module+el8.5.0+770+e2f49861.x86_64.rpm |
| toolbox | noarch | 1.module+el8.5.0+770+e2f49861 | toolbox-0.0.7-1.module+el8.5.0+770+e2f49861.noarch.rpm |
| udica | noarch | 2.module+el8.5.0+770+e2f49861 | udica-0.2.1-2.module+el8.5.0+770+e2f49861.noarch.rpm |

Related vulnerabilities

oracle-oval
about 5 years ago

ELSA-2020-1650: container-tools:ol8 security, bug fix, and enhancement update (MODERATE)

CVSS3: 7
ubuntu
more than 5 years ago

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

CVSS3: 7
redhat
more than 5 years ago

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

CVSS3: 7
nvd
more than 5 years ago

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

CVSS3: 7
debian
more than 5 years ago

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...