Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:1793

Опубликовано: 10 мая 2022
Источник: rocky
Оценка: Moderate

Описание

Moderate: container-tools:3.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
cockpit-podmannoarch2.module+el8.7.0+1076+9b1c11c1cockpit-podman-29-2.module+el8.7.0+1076+9b1c11c1.noarch.rpm
containernetworking-pluginsx86_641.module+el8.7.0+1076+9b1c11c1containernetworking-plugins-0.9.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
critx86_641.module+el8.7.0+1076+9b1c11c1crit-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
criux86_641.module+el8.7.0+1076+9b1c11c1criu-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
crunx86_643.module+el8.7.0+1076+9b1c11c1crun-0.18-3.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
fuse-overlayfsx86_642.module+el8.7.0+1076+9b1c11c1fuse-overlayfs-1.4.0-2.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
libslirpx86_641.module+el8.7.0+1076+9b1c11c1libslirp-4.3.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
libslirp-develx86_641.module+el8.7.0+1076+9b1c11c1libslirp-devel-4.3.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
oci-seccomp-bpf-hookx86_643.module+el8.7.0+1076+9b1c11c1oci-seccomp-bpf-hook-1.2.0-3.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
python3-criux86_641.module+el8.7.0+1076+9b1c11c1python3-criu-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-27650

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-27650

CVSS3: 7.5
ubuntu
около 3 лет назад

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

redhat логотип

CVE-2022-27650

CVSS3: 5.6
redhat
около 3 лет назад

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

nvd логотип

CVE-2022-27650

CVSS3: 7.5
nvd
около 3 лет назад

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

debian логотип

CVE-2022-27650

CVSS3: 7.5
debian
около 3 лет назад

A flaw was found in crun where containers were incorrectly started wit ...

oracle-oval логотип

ELSA-2022-1793

oracle-oval
около 3 лет назад

ELSA-2022-1793: container-tools:3.0 security and bug fix update (MODERATE)