Lucene search
Gentoo FoundationMGASA-2023-0125HistoryApr 07, 2023 - 12:20 a.m.
Updated opencontainers-runc packages fix security vulnerability
2023-04-0700:20:12
Gentoo Foundation
advisories.mageia.org
18
opencontainers-runc security vulnerability cgroupns access control escalation of privileges apparmor selinux symlinked /proc
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.2%
/sys/fs/cgroup is writable when cgroupns isn’t unshared (CVE-2023-25809) Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges (CVE-2023-27561) AppArmor/SELinux bypass with symlinked /proc (CVE-2023-28642)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | opencontainers-runc | < 1.1.5-1 | opencontainers-runc-1.1.5-1.mga8 |
Related
nessus
nessus
Oracle Linux 8 : buildah (ELSA-2023-12578)
2023-07-20 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : runC vulnerabilities (USN-6088-1)
2023-05-18 00:00:00
Amazon Linux 2 : runc (ALASECS-2023-004)
2023-07-14 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2003-1)
2023-04-26 00:00:00
Mageia: Security Advisory (MGASA-2023-0125)
2023-04-07 00:00:00
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2023-2638)
2023-09-05 00:00:00
oraclelinux
oraclelinux
buildah security update
2023-07-19 00:00:00
aardvark-dns security update
2023-07-19 00:00:00
runc security update
2023-11-11 00:00:00
osv
osv
runc vulnerabilities
2023-05-18 10:03:59
Moderate: runc security update
2023-11-07 00:00:00
runc vulnerabilities
2023-05-23 14:07:29
ubuntu
ubuntu
runC vulnerabilities
2023-05-18 00:00:00
runC vulnerabilities
2023-05-23 00:00:00
runC vulnerabilities
2020-03-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package runc version 1.1.5-alt1
2023-04-20 00:00:00
Security fix for the ALT Linux 10 package runc version 1.0.0-alt12.rc10
2020-02-17 00:00:00
almalinux
almalinux
Moderate: runc security update
2023-11-07 00:00:00
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
Moderate: container-tools:rhel8 security and bug fix update
2023-11-14 00:00:00
redhat
redhat
(RHSA-2023:6380) Moderate: runc security update
2023-11-07 06:03:35
(RHSA-2020:0688) Moderate: OpenShift Container Platform 4.2.22 runc security update
2020-03-10 12:10:03
(RHSA-2020:0942) Moderate: runc security update
2020-03-23 13:32:09
fedora
fedora
[SECURITY] Fedora 36 Update: runc-1.1.6-1.fc36
2023-04-21 01:25:12
[SECURITY] Fedora 38 Update: golang-github-opencontainers-runc-1.1.8-2.fc38
2023-08-16 01:22:21
[SECURITY] Fedora 38 Update: runc-1.1.6-1.fc38
2023-04-21 02:09:44
prion
prion
Design/Logic Flaw
2023-03-03 19:15:00
Improper access control
2020-02-12 15:15:00
Design/Logic Flaw
2023-03-29 19:15:00
alpinelinux
alpinelinux
nvd
nvd
cve
cve
github
github
Opencontainers runc Incorrect Authorization vulnerability
2023-03-03 21:30:19
runc AppArmor bypass with symlinked /proc
2023-03-30 20:20:23
vulnrichment
vulnrichment
CVE-2023-27561
2023-03-03 00:00:00
cvelist
cvelist
CVE-2023-27561
2023-03-03 00:00:00
CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
2023-03-29 18:22:56
CVE-2019-19921
2020-02-12 00:00:00
ubuntucve
ubuntucve
veracode
veracode
Sandbox Restrictions Bypass
2023-03-08 02:33:46
Sandbox Restrictions Bypass
2020-01-16 05:48:35
Improper Preservation Of Permissions
2023-04-04 07:34:38
redhatcve
redhatcve
debiancve
debiancve
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by two containerd security vulnerabilities (CVE-2023-28642) (CVE-2023-27561)
2023-06-12 12:41:31
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Open Container Initiative runc
2024-06-28 22:49:49
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-05-31 17:22:48
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0038
2023-06-27 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0433
2023-07-21 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0604
2023-06-27 00:00:00
redos
redos
ROS-20231031-01
2023-10-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2209
2023-08-08 07:51:13
cbl_mariner
cbl_mariner
CVE-2023-28642 affecting package moby-runc 1.1.2+azure-4
2023-04-20 19:17:28
CVE-2023-25809 affecting package moby-runc for versions less than 1.1.5-1
2023-05-03 16:08:49
CVE-2023-27561 affecting package moby-runc for versions less than 1.1.5-1
2023-05-03 16:08:49
cgr
cgr
CVE-2023-28642 vulnerabilities
2024-05-19 03:07:16
CVE-2023-27561 vulnerabilities
2024-05-19 03:07:16
CVE-2023-25809 vulnerabilities
2024-05-19 03:07:16
amazon
amazon
Medium: runc
2020-04-20 18:58:00
mageia
mageia
Updated opencontainers-runc packages fix security vulnerability
2020-02-26 13:21:01
suse
suse
Security update for docker-runc (moderate)
2020-02-13 00:00:00
debian
debian
[SECURITY] [DLA 3369-1] runc security update
2023-03-27 16:07:07
wolfi
wolfi
CVE-2023-27561 vulnerabilities
2024-07-01 15:27:45
CVE-2023-25809 vulnerabilities
2024-07-01 15:27:45
CVE-2023-28642 vulnerabilities
2024-07-01 15:27:45
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.2%
Related for MGASA-2023-0125