Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0192)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2022.0192

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2022-0192)

Zusammenfassung: The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2022-0192 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2022-0192 advisory.

Vulnerability Insight:
A bug was found in runc where runc exec --cap executed processes with
non-empty inheritable Linux process capabilities, creating an atypical
Linux environment and enabling programs with inheritable file capabilities
to elevate those capabilities to the permitted set during execve(2). This
bug did not affect the container security sandbox as the inheritable set
never contained more capabilities than were included in the container's
bounding set. (CVE-2022-29162)

Affected Software/OS:
'opencontainers-runc' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-29162
https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/
https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
https://github.com/opencontainers/runc/releases/tag/v1.1.2
https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0192
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0192)
Zusammenfassung:	The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2022-0192 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2022-0192 advisory. Vulnerability Insight: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. (CVE-2022-29162) Affected Software/OS: 'opencontainers-runc' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-29162 https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/ https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5 https://github.com/opencontainers/runc/releases/tag/v1.1.2 https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
Copyright	Copyright (C) 2022 Greenbone AG