Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0553
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0553)
Summary:	The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2021-0553 advisory.
Description:	Summary: The remote host is missing an update for the 'opencontainers-runc' package(s) announced via the MGASA-2021-0553 advisory. Vulnerability Insight: It was discovered that there was an overflow issue in runc, the runtime for the Open Container Project, often used with Docker. The Netlink 'bytemsg' length field could have allowed an attacker to override Netlink-based container configurations. This vulnerability required the attacker to have some control over the configuration of the container, but would have allowed the attacker to bypass the namespace restrictions of the container by simply adding their own Netlink payload which disables all namespaces. (CVE-2021-43784) Affected Software/OS: 'opencontainers-runc' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-43784 https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f https://bugs.chromium.org/p/project-zero/issues/detail?id=2241 https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554 https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.