ALT-BU-2016-2918-2
Branch sisyphus update bulletin.
Package lm_sensors3 updated to version 3.4.0-alt1 for branch sisyphus in task 168194.
Closed bugs
obsolete lm_sensors
свежая версия lm_sensors с поддержкой IT8603E
Package xfce4-settings updated to version 4.12.0-alt2 for branch sisyphus in task 168248.
Closed bugs
xfsettingsd: segfault libupower-glib.so.3.0.1
Package firefox-esr updated to version 45.3.0-alt1 for branch sisyphus in task 168271.
Closed vulnerabilities
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
Closed vulnerabilities
BDU:2019-00826
Уязвимость инструмента для запуска изолированных контейнеров runc, связанная с ошибками обработки файлового дескриптора, позволяющая нарушителю выполнить произвольный код
BDU:2020-04920
Уязвимость компонента AppArmor инструмента для запуска изолированных контейнеров runc, связанная с недостатками механизма авторизации, позволяющая нарушителю монтировать вредоносный образ Docker в каталог /proc
BDU:2021-03670
Уязвимость конфигурации инструмента для запуска изолированных контейнеров runc, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-11-21
CVE-2019-16884
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
- openSUSE-SU-2019:2418
- openSUSE-SU-2019:2418
- openSUSE-SU-2019:2434
- openSUSE-SU-2019:2434
- openSUSE-SU-2020:0045
- openSUSE-SU-2020:0045
- RHSA-2019:3940
- RHSA-2019:3940
- RHSA-2019:4074
- RHSA-2019:4074
- RHSA-2019:4269
- RHSA-2019:4269
- https://github.com/opencontainers/runc/issues/2128
- https://github.com/opencontainers/runc/issues/2128
- [debian-lts-announce] 20230218 [SECURITY] [DLA 3322-1] golang-github-opencontainers-selinux security update
- [debian-lts-announce] 20230218 [SECURITY] [DLA 3322-1] golang-github-opencontainers-selinux security update
- [debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update
- [debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update
- FEDORA-2019-3fc86a518b
- FEDORA-2019-3fc86a518b
- FEDORA-2019-bd4843561c
- FEDORA-2019-bd4843561c
- FEDORA-2019-96946c39dd
- FEDORA-2019-96946c39dd
- GLSA-202003-21
- GLSA-202003-21
- https://security.netapp.com/advisory/ntap-20220221-0004/
- https://security.netapp.com/advisory/ntap-20220221-0004/
- USN-4297-1
- USN-4297-1
Modified: 2024-11-21
CVE-2019-19921
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
- openSUSE-SU-2020:0219
- openSUSE-SU-2020:0219
- RHSA-2020:0688
- RHSA-2020:0688
- RHSA-2020:0695
- RHSA-2020:0695
- https://github.com/opencontainers/runc/issues/2197
- https://github.com/opencontainers/runc/issues/2197
- https://github.com/opencontainers/runc/pull/2190
- https://github.com/opencontainers/runc/pull/2190
- https://github.com/opencontainers/runc/releases
- https://github.com/opencontainers/runc/releases
- [debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update
- [debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update
- FEDORA-2023-9edf2145fb
- FEDORA-2023-9edf2145fb
- FEDORA-2023-1bcbb1db39
- FEDORA-2023-1bcbb1db39
- FEDORA-2023-6e6d9065e0
- FEDORA-2023-6e6d9065e0
- FEDORA-2023-3cccbc4c95
- FEDORA-2023-3cccbc4c95
- FEDORA-2023-1ba499965f
- FEDORA-2023-1ba499965f
- GLSA-202003-21
- GLSA-202003-21
- https://security-tracker.debian.org/tracker/CVE-2019-19921
- https://security-tracker.debian.org/tracker/CVE-2019-19921
- USN-4297-1
- USN-4297-1
Modified: 2024-11-21
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
- openSUSE-SU-2019:1079
- openSUSE-SU-2019:1079
- openSUSE-SU-2019:1227
- openSUSE-SU-2019:1227
- openSUSE-SU-2019:1275
- openSUSE-SU-2019:1275
- openSUSE-SU-2019:1444
- openSUSE-SU-2019:1444
- openSUSE-SU-2019:1481
- openSUSE-SU-2019:1481
- openSUSE-SU-2019:1499
- openSUSE-SU-2019:1499
- openSUSE-SU-2019:1506
- openSUSE-SU-2019:1506
- openSUSE-SU-2019:2021
- openSUSE-SU-2019:2021
- openSUSE-SU-2019:2245
- openSUSE-SU-2019:2245
- openSUSE-SU-2019:2286
- openSUSE-SU-2019:2286
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
- [oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- [oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack
- 106976
- 106976
- RHSA-2019:0303
- RHSA-2019:0303
- RHSA-2019:0304
- RHSA-2019:0304
- RHSA-2019:0401
- RHSA-2019:0401
- RHSA-2019:0408
- RHSA-2019:0408
- RHSA-2019:0975
- RHSA-2019:0975
- https://access.redhat.com/security/cve/cve-2019-5736
- https://access.redhat.com/security/cve/cve-2019-5736
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/q3k/cve-2019-5736-poc
- https://github.com/q3k/cve-2019-5736-poc
- https://github.com/rancher/runc-cve
- https://github.com/rancher/runc-cve
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- [dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736
- [dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736
- [mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736
- [dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736
- [dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736
- [dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736
- [mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736
- [dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- FEDORA-2019-c1dac1b3b8
- FEDORA-2019-c1dac1b3b8
- FEDORA-2019-2baa1f7b19
- FEDORA-2019-2baa1f7b19
- FEDORA-2019-6174b47003
- FEDORA-2019-6174b47003
- FEDORA-2019-bc70b381ad
- FEDORA-2019-bc70b381ad
- GLSA-202003-21
- GLSA-202003-21
- https://security.netapp.com/advisory/ntap-20190307-0008/
- https://security.netapp.com/advisory/ntap-20190307-0008/
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- USN-4048-1
- USN-4048-1
- 46359
- 46359
- 46369
- 46369
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
Modified: 2024-11-21
CVE-2021-30465
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
- http://www.openwall.com/lists/oss-security/2021/05/19/2
- http://www.openwall.com/lists/oss-security/2021/05/19/2
- [oss-security] 20210519 CVE-2021-30465: runc <1.0.0-rc95 vulnerable to symlink-exchange attack
- [oss-security] 20210519 CVE-2021-30465: runc <1.0.0-rc95 vulnerable to symlink-exchange attack
- https://bugzilla.opensuse.org/show_bug.cgi?id=1185405
- https://bugzilla.opensuse.org/show_bug.cgi?id=1185405
- https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f
- https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f
- https://github.com/opencontainers/runc/releases
- https://github.com/opencontainers/runc/releases
- https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
- https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
- [debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update
- [debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update
- FEDORA-2021-0440f235a0
- FEDORA-2021-0440f235a0
- FEDORA-2021-2eb67ba3c2
- FEDORA-2021-2eb67ba3c2
- GLSA-202107-26
- GLSA-202107-26
- https://security.netapp.com/advisory/ntap-20210708-0003/
- https://security.netapp.com/advisory/ntap-20210708-0003/
Package systemd-udev-console-fb updated to version 1.00-alt2 for branch sisyphus in task 168326.
Closed bugs
Ошибка при загрузке ОС в 991-fb-systemd.rules
Closed vulnerabilities
BDU:2018-00106
Уязвимость функции ares_parse_naptr_reply библиотеки асинхронных DNS-запросов c-ares, позволяющая нарушителю выполнить чтение за границами буфера в памяти
Modified: 2024-11-21
CVE-2016-5180
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
- RHSA-2017:0002
- RHSA-2017:0002
- DSA-3682
- DSA-3682
- 93243
- 93243
- USN-3143-1
- USN-3143-1
- https://c-ares.haxx.se/adv_20160929.html
- https://c-ares.haxx.se/adv_20160929.html
- https://c-ares.haxx.se/CVE-2016-5180.patch
- https://c-ares.haxx.se/CVE-2016-5180.patch
- https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html
- https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html
- GLSA-201701-28
- GLSA-201701-28
- https://source.android.com/security/bulletin/2017-01-01.html
- https://source.android.com/security/bulletin/2017-01-01.html
Modified: 2024-11-21
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.