Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0412
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0412)
Zusammenfassung:	The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2021-0412 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2021-0412 advisory. Vulnerability Insight: runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition (CVE-2021-30465). Affected Software/OS: 'opencontainers-runc' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-30465 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/ https://security.gentoo.org/glsa/202107-26 http://www.openwall.com/lists/oss-security/2021/05/19/2 https://bugzilla.opensuse.org/show_bug.cgi?id=1185405 https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f https://github.com/opencontainers/runc/releases https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.