RLSA-2024:2084

Published: 06 May 2024
Source: rocky
Severity: Important

Description

Important: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • buildah: full container escape at build time (CVE-2024-1753)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| aardvark-dns | x86_64 | 38.module+el8.9.0+1445+07728297 | aardvark-dns-1.0.1-38.module+el8.9.0+1445+07728297.x86_64.rpm |
| buildah | x86_64 | 1.module+el8.9.0+1797+b9a484c9 | buildah-1.24.7-1.module+el8.9.0+1797+b9a484c9.x86_64.rpm |
| buildah-tests | x86_64 | 1.module+el8.9.0+1797+b9a484c9 | buildah-tests-1.24.7-1.module+el8.9.0+1797+b9a484c9.x86_64.rpm |
| cockpit-podman | noarch | 1.module+el8.9.0+1445+07728297 | cockpit-podman-46-1.module+el8.9.0+1445+07728297.noarch.rpm |
| conmon | x86_64 | 2.module+el8.9.0+1445+07728297 | conmon-2.1.4-2.module+el8.9.0+1445+07728297.x86_64.rpm |
| containernetworking-plugins | x86_64 | 6.module+el8.9.0+1653+32675f1c | containernetworking-plugins-1.1.1-6.module+el8.9.0+1653+32675f1c.x86_64.rpm |
| containers-common | x86_64 | 38.module+el8.9.0+1445+07728297 | containers-common-1-38.module+el8.9.0+1445+07728297.x86_64.rpm |
| container-selinux | noarch | 3.module+el8.9.0+1445+07728297 | container-selinux-2.205.0-3.module+el8.9.0+1445+07728297.noarch.rpm |
| crit | x86_64 | 3.module+el8.9.0+1445+07728297 | crit-3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm |
| criu | x86_64 | 3.module+el8.9.0+1445+07728297 | criu-3.15-3.module+el8.9.0+1445+07728297.x86_64.rpm |

Related vulnerabilities

CVSS3: 8.6
ubuntu
more than 1 year ago

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

CVSS3: 8.6
redhat
more than 1 year ago

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

CVSS3: 8.6
nvd
more than 1 year ago

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

CVSS3: 8.6
msrc
more than 1 year ago

No description available

CVSS3: 8.6
debian
more than 1 year ago

A flaw was found in Buildah (and subsequently Podman Build) which allo ...