Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0484)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0484

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0484)

Resumen: The remote host is missing an update for the 'docker-containerd' package(s) announced via the MGASA-2021-0484 advisory.

Descripción: Summary:
The remote host is missing an update for the 'docker-containerd' package(s) announced via the MGASA-2021-0484 advisory.

Vulnerability Insight:
A bug was found in containerd where pulling and extracting a
specially-crafted container image can result in Unix file permission
changes for existing files in the host's filesystem. Changes to file
permissions can deny access to the expected owner of the file, widen
access to others, or set extended bits like setuid, setgid, and sticky.
This bug does not directly allow files to be read, modified, or executed
without an additional cooperating process.

Affected Software/OS:
'docker-containerd' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-32760
https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/
https://security.gentoo.org/glsa/202401-31
https://github.com/containerd/containerd/releases/tag/v1.4.8
https://github.com/containerd/containerd/releases/tag/v1.5.4
Common Vulnerability Exposure (CVE) ID: CVE-2021-41103
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
Debian Security Information: DSA-5002 (Google Search)
https://www.debian.org/security/2021/dsa-5002
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0484
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0484)
Resumen:	The remote host is missing an update for the 'docker-containerd' package(s) announced via the MGASA-2021-0484 advisory.
Descripción:	Summary: The remote host is missing an update for the 'docker-containerd' package(s) announced via the MGASA-2021-0484 advisory. Vulnerability Insight: A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. Affected Software/OS: 'docker-containerd' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-32760 https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/ https://security.gentoo.org/glsa/202401-31 https://github.com/containerd/containerd/releases/tag/v1.4.8 https://github.com/containerd/containerd/releases/tag/v1.5.4 Common Vulnerability Exposure (CVE) ID: CVE-2021-41103 https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq Debian Security Information: DSA-5002 (Google Search) https://www.debian.org/security/2021/dsa-5002 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/ https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
Copyright	Copyright (C) 2022 Greenbone AG