ALT Linux Team

Branch p10 update on 2022-03-25

2022-03-25

ALT-BU-2022-4386-2

Branch p10 update bulletin.

ALT-PU-2022-1564-1

Package gpupdate updated to version 0.9.9.1-alt1 for branch p10 in task 296215.

Closed bugs

Bug #41994

Не работает запуск обновления политик для определенного пользователя

ALT-PU-2022-1565-2

Package cri-o updated to version 1.22.3-alt2 for branch p10 in task 296969.

Closed vulnerabilities

Published: 2022-03-18

BDU:2022-01319

Уязвимость утилиты pinns прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю выйти из контейнера и получить root-доступ к хосту

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.0)Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2022-03-16
Modified: 2024-11-21

CVE-2022-0811

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Severity: CRITICAL (9.0)Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-03-15
Modified: 2022-03-18

GHSA-6x2m-w449-qwx7

Code Injection in CRI-O

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2022-1567-1

Package rsyslog updated to version 8.2202.0-alt1 for branch p10 in task 283229.

Closed bugs

Bug #37239

Неправильный порядок загрузки конфигурации из /etc/rsyslog.d

VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top