RLSA-2024:2098

Published: 06 May 2024
Source: rocky
Rating: Important

Description

Important: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Bug Fix(es):

  • container_init_t does not possess ptrace process context [rhel-8.9.0.z] (JIRA:Rocky Linux-28923)

Security Fix(es):

  • podman: full container escape at build time (CVE-2024-1753)

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| aardvark-dns | x86_64 | 1.module+el8.9.0+1580+e76741f0 | aardvark-dns-1.7.0-1.module+el8.9.0+1580+e76741f0.x86_64.rpm |
| buildah | x86_64 | 1.module+el8.9.0+1796+73260e20 | buildah-1.31.5-1.module+el8.9.0+1796+73260e20.x86_64.rpm |
| buildah-tests | x86_64 | 1.module+el8.9.0+1796+73260e20 | buildah-tests-1.31.5-1.module+el8.9.0+1796+73260e20.x86_64.rpm |
| cockpit-podman | noarch | 1.module+el8.9.0+1580+e76741f0 | cockpit-podman-75-1.module+el8.9.0+1580+e76741f0.noarch.rpm |
| conmon | x86_64 | 1.module+el8.9.0+1444+82dcc378 | conmon-2.1.8-1.module+el8.9.0+1444+82dcc378.x86_64.rpm |
| containernetworking-plugins | x86_64 | 8.module+el8.9.0+1703+29de406e | containernetworking-plugins-1.3.0-8.module+el8.9.0+1703+29de406e.x86_64.rpm |
| containers-common | x86_64 | 71.module+el8.9.0+1703+29de406e | containers-common-1-71.module+el8.9.0+1703+29de406e.x86_64.rpm |
| container-selinux | noarch | 1.module+el8.9.0+1774+ddf2a761 | container-selinux-2.229.0-1.module+el8.9.0+1774+ddf2a761.noarch.rpm |

Related vulnerabilities

CVSS3: 8.6
ubuntu
more than 1 year ago

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

CVSS3: 8.6
redhat
more than 1 year ago

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

CVSS3: 8.6
nvd
more than 1 year ago

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.

CVSS3: 8.6
msrc
more than 1 year ago

No description available

CVSS3: 8.6
debian
more than 1 year ago

A flaw was found in Buildah (and subsequently Podman Build) which allo ...