ALT-PU-2022-4433-1
Package crun updated to version 1.4.4-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
Published: 2022-04-04
Modified: 2024-11-21
CVE-2022-27650
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2066845
- https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6
- https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398
- FEDORA-2022-10fd054d40