ALT Linux Team

Branch c10f2 update on 2024-07-26

2024-07-26

ALT-BU-2024-10386-1

Branch c10f2 update bulletin.

ALT-PU-2024-9850-3

Package cri-o1.28 updated to version 1.28.8-alt1 for branch c10f2 in task 352602.

Closed vulnerabilities

Published: 2024-06-12

BDU:2024-04923

Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе

Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
References:
Published: 2024-06-12
Modified: 2024-12-11

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top