Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2020:4694

Опубликовано: 03 нояб. 2020
Источник: rocky
Оценка: Moderate

Описание

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)

  • QEMU: slirp: networking out-of-bounds read information disclosure vulnerability (CVE-2020-10756)

  • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
libslirpx86_641.module+el8.7.0+1076+9b1c11c1libslirp-4.3.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
libslirp-develx86_641.module+el8.7.0+1076+9b1c11c1libslirp-devel-4.3.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
python-podman-apinoarch0.2.gitd0a45fe.module+el8.5.0+770+e2f49861python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.5.0+770+e2f49861.noarch.rpm

Показывать по

Связанные CVE

CVE-2020-10749
CVE-2020-10756
CVE-2020-14040

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2020-4694

oracle-oval
больше 4 лет назад

ELSA-2020-4694: container-tools:ol8 security, bug fix, and enhancement update (MODERATE)

ubuntu логотип

CVE-2020-10749

CVSS3: 6
ubuntu
около 5 лет назад

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

redhat логотип

CVE-2020-10749

CVSS3: 6
redhat
около 5 лет назад

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

nvd логотип

CVE-2020-10749

CVSS3: 6
nvd
около 5 лет назад

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

debian логотип

CVE-2020-10749

CVSS3: 6
debian
около 5 лет назад

A vulnerability was found in all versions of containernetworking/plugi ...