Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:2143

Опубликовано: 10 мая 2022
Источник: rocky
Оценка: Important

Описание

Important: container-tools:3.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
cockpit-podmannoarch2.module+el8.7.0+1076+9b1c11c1cockpit-podman-29-2.module+el8.7.0+1076+9b1c11c1.noarch.rpm
containernetworking-pluginsx86_641.module+el8.7.0+1076+9b1c11c1containernetworking-plugins-0.9.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
critx86_641.module+el8.7.0+1076+9b1c11c1crit-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
criux86_641.module+el8.7.0+1076+9b1c11c1criu-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
crunx86_643.module+el8.7.0+1076+9b1c11c1crun-0.18-3.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
fuse-overlayfsx86_642.module+el8.7.0+1076+9b1c11c1fuse-overlayfs-1.4.0-2.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
libslirpx86_641.module+el8.7.0+1076+9b1c11c1libslirp-4.3.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
libslirp-develx86_641.module+el8.7.0+1076+9b1c11c1libslirp-devel-4.3.1-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
oci-seccomp-bpf-hookx86_643.module+el8.7.0+1076+9b1c11c1oci-seccomp-bpf-hook-1.2.0-3.module+el8.7.0+1076+9b1c11c1.x86_64.rpm
python3-criux86_641.module+el8.7.0+1076+9b1c11c1python3-criu-3.15-1.module+el8.7.0+1076+9b1c11c1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-1227

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-1227

CVSS3: 8.8
ubuntu
около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

redhat логотип

CVE-2022-1227

CVSS3: 8
redhat
почти 4 года назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

nvd логотип

CVE-2022-1227

CVSS3: 8.8
nvd
около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

msrc логотип

CVE-2022-1227

CVSS3: 8.8
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-1227

CVSS3: 8.8
debian
около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an a ...