Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0553)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0553

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0553)

Zusammenfassung: The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2021-0553 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2021-0553 advisory.

Vulnerability Insight:
It was discovered that there was an overflow issue in runc, the runtime
for the Open Container Project, often used with Docker. The Netlink
'bytemsg' length field could have allowed an attacker to override
Netlink-based container configurations. This vulnerability required the
attacker to have some control over the configuration of the container, but
would have allowed the attacker to bypass the namespace restrictions of
the container by simply adding their own Netlink payload which disables
all namespaces. (CVE-2021-43784)

Affected Software/OS:
'opencontainers-runc' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-43784
https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
https://bugs.chromium.org/p/project-zero/issues/detail?id=2241
https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554
https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html
https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0553
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0553)
Zusammenfassung:	The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2021-0553 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2021-0553 advisory. Vulnerability Insight: It was discovered that there was an overflow issue in runc, the runtime for the Open Container Project, often used with Docker. The Netlink 'bytemsg' length field could have allowed an attacker to override Netlink-based container configurations. This vulnerability required the attacker to have some control over the configuration of the container, but would have allowed the attacker to bypass the namespace restrictions of the container by simply adding their own Netlink payload which disables all namespaces. (CVE-2021-43784) Affected Software/OS: 'opencontainers-runc' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-43784 https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f https://bugs.chromium.org/p/project-zero/issues/detail?id=2241 https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554 https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
Copyright	Copyright (C) 2022 Greenbone AG