SUSE-SU-2022:4607-1

Published: 22 Dec 2022
Source: suse-cvrf

Description

Security update for conmon

This update for conmon fixes the following issues:

conmon was updated to version 2.1.5:

  • don't leak syslog_identifier
  • logging: do not read more than the buf size
  • logging: fix error handling
  • Makefile: Fix install for FreeBSD
  • signal: Track changes to get_signal_descriptor in the FreeBSD version
  • Packit: initial enablement

Update to version 2.1.4:

  • Fix a bug where conmon crashed when it got a SIGCHLD

Update to version 2.1.3:

  • Stop using g_unix_signal_add() to avoid threads
  • Rename CLI option log-size-global-max to log-global-size-max

Update to version 2.1.2:

  • add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
  • journald: print tag and name if both are specified
  • drop some logs to debug level

Update to version 2.1.0:

  • logging: buffer partial messages to journald
  • exit: close all fds >= 3
  • fix: cgroup: Free memory_cgroup_file_path if open fails.

Update to version 2.0.32:

  • Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
  • exit_command: Fix: unset subreaper attribute before running exit command

Update to version 2.0.31:

  • logging: new mode -l passthrough
  • ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
  • conmon: Fix: free userdata files before exec cleanup

Package list

SUSE Enterprise Storage 7.1: conmon-2.1.5-150300.8.6.1
SUSE Linux Enterprise Micro 5.1: conmon-2.1.5-150300.8.6.1
SUSE Linux Enterprise Micro 5.2: conmon-2.1.5-150300.8.6.1
SUSE Linux Enterprise Module for Containers 15 SP3: conmon-2.1.5-150300.8.6.1
openSUSE Leap 15.3: conmon-2.1.5-150300.8.6.1
openSUSE Leap Micro 5.2: conmon-2.1.5-150300.8.6.1

Vulnerability description

A vulnerability was found in CRI-O that allows anyone with access to the Kube API to exhaust memory or disk space on the node. The ExecSync request runs a command in a container and logs the command's output. After the command finishes, CRI-O reads that output back, and it does so by reading the entire output file into memory at once. If the command's output is large, reading it can therefore exhaust the memory or the disk space of the node. The highest threat from this vulnerability is to system availability.
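The failure mode described above is an unbounded read: the consumer pulls the whole output file into memory, so the size of the allocation is controlled by whoever runs the command. The fix sketched in the changelog (the log-global-size-max option) caps the total output on the producer side. The following is an added example, not CRI-O's or conmon's code, that shows both halves of that pattern in Go: a bounded reader that never allocates more than the cap, and a writer-side cap that drops output past a global budget. File paths, sizes and type names are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// ReadBounded reads at most limit bytes from r and reports whether r held
// more than limit bytes. It never allocates more than limit+1 bytes, whatever
// the size of the source, which is the property the unbounded read lacked.
func ReadBounded(r io.Reader, limit int64) ([]byte, bool, error) {
	if limit < 0 {
		return nil, false, fmt.Errorf("negative limit %d", limit)
	}
	// Read one byte past the cap so "exactly at the cap" and "over the cap"
	// can be told apart without consuming the rest of the source.
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, false, err
	}
	if int64(len(buf)) > limit {
		return buf[:limit], true, nil
	}
	return buf, false, nil
}

// ReadExecOutputFile opens a file holding captured command output and reads it
// with ReadBounded, so a very large file cannot be pulled into memory at once.
func ReadExecOutputFile(path string, limit int64) ([]byte, bool, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, false, err
	}
	defer f.Close()
	return ReadBounded(f, limit)
}

// CappedWriter is a constructed writer-side cap in the spirit of a global
// output limit: once Max bytes have passed through, further bytes are counted
// in Dropped but never reach Dst, so disk usage is bounded as well.
type CappedWriter struct {
	Dst     io.Writer
	Max     int64
	Written int64
	Dropped int64
}

// Write forwards at most the remaining budget to Dst and discards the rest.
// It reports len(p) so the producer keeps running instead of erroring out.
func (c *CappedWriter) Write(p []byte) (int, error) {
	remaining := c.Max - c.Written
	if remaining <= 0 {
		c.Dropped += int64(len(p))
		return len(p), nil
	}
	n := int64(len(p))
	if n > remaining {
		c.Dropped += n - remaining
		n = remaining
	}
	w, err := c.Dst.Write(p[:n])
	c.Written += int64(w)
	if err != nil {
		return w, err
	}
	return len(p), nil
}

func main() {
	// Constructed sample: a 4 KiB output file read under a 1 KiB cap.
	dir, err := os.MkdirTemp("", "execsync-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "stdout")
	if err := os.WriteFile(path, bytes.Repeat([]byte("A"), 4096), 0o600); err != nil {
		panic(err)
	}

	out, truncated, err := ReadExecOutputFile(path, 1024)
	if err != nil {
		panic(err)
	}
	fmt.Printf("read %d bytes, truncated=%v\n", len(out), truncated)

	// Writer-side cap: 3 KiB of output squeezed into a 1 KiB budget.
	var sink bytes.Buffer
	cw := &CappedWriter{Dst: &sink, Max: 1024}
	for i := 0; i < 3; i++ {
		cw.Write(bytes.Repeat([]byte("B"), 1024))
	}
	fmt.Printf("kept %d bytes, dropped %d bytes\n", cw.Written, cw.Dropped)
}
```

The truncated flag matters operationally: a consumer that silently shortens output can hide the fact that a command produced more than expected, so surface it in the response or a log line rather than discarding it.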


Affected products
SUSE Enterprise Storage 7.1: conmon-2.1.5-150300.8.6.1
SUSE Linux Enterprise Micro 5.1: conmon-2.1.5-150300.8.6.1
SUSE Linux Enterprise Micro 5.2: conmon-2.1.5-150300.8.6.1
SUSE Linux Enterprise Module for Containers 15 SP3: conmon-2.1.5-150300.8.6.1

References