ALT-PU-2022-4441-1
Package crun updated to version 1.4.4-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2022-04-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-27650
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Severity: MEDIUM (6.0)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2066845
- https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6
- https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYIGABCZ7ZHAG2XCOGITTQRJU2ASWMFA/
- https://bugzilla.redhat.com/show_bug.cgi?id=2066845
- https://github.com/containers/crun/commit/1aeeed2e4fdeffb4875c0d0b439915894594c8c6
- https://github.com/containers/crun/security/advisories/GHSA-wr4f-w546-m398
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYIGABCZ7ZHAG2XCOGITTQRJU2ASWMFA/