ALT Linux Team

Branch p11 update on 2024-07-22

2024-07-22

ALT-BU-2024-10208-1

Branch p11 update bulletin.

ALT-PU-2024-9808-2

Package cri-o1.28 updated to version 1.28.8-alt1 for branch p11 in task 352563.

Closed vulnerabilities

Published: 2024-07-02

BDU:2024-04923

Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Severity: HIGH (7.7) Vector: AV:N/AC:L/Au:M/C:C/I:C/A:N
References:
Published: 2024-06-12
Modified: 2025-06-23

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
References:

ALT-PU-2024-9810-2

Package cri-o1.29 updated to version 1.29.6-alt1 for branch p11 in task 352563.

Closed vulnerabilities

Published: 2024-07-02

BDU:2024-04923

Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Severity: HIGH (7.7) Vector: AV:N/AC:L/Au:M/C:C/I:C/A:N
References:
Published: 2024-06-12
Modified: 2025-06-23

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top