oval:org.secpod.oval:def:62274 The host is installed with Docker before 18.09.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a file-descriptor. Successful exploitation could allow attackers to overwrite the host runc binary and gain root access.

oval:org.secpod.oval:def:1900025 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, t ...

oval:org.secpod.oval:def:705056 docker.io: Linux container runtime Docker could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:57461 docker.io: Linux container runtime Docker could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:54299 The host is installed with Docker-ce or Docker-ee before 18.09.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the file-descriptor related to /proc/self/exe. Successful exploitation allows attackers to execute an arbitrary comm ...

oval:org.secpod.oval:def:117038 LXCFS is a simple userspace filesystem designed to work around some current limitations of the Linux kernel. Specifically, it's providing two main things - A set of files which can be bind-mounted over their /proc originals to provide CGroup-aware values. - A cgroupfs-like tree which is containe ...

oval:org.secpod.oval:def:54297 The host is installed with Docker-ce or Docker-ee before 18.09.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the file-descriptor related to /proc/self/exe. Successful exploitation allows attackers to execute an arbitrary comm ...

oval:org.secpod.oval:def:116023 Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container th ...

oval:org.secpod.oval:def:116486 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc.

oval:org.secpod.oval:def:50980 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc.

oval:org.secpod.oval:def:50662 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ...

oval:org.secpod.oval:def:502610 Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Security Fix: * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could u ...

oval:org.secpod.oval:def:503127 Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix: * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use t ...

oval:org.secpod.oval:def:50663 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ...

oval:org.secpod.oval:def:117054 LXCFS is a simple userspace filesystem designed to work around some current limitations of the Linux kernel. Specifically, it's providing two main things - A set of files which can be bind-mounted over their /proc originals to provide CGroup-aware values. - A cgroupfs-like tree which is containe ...

oval:org.secpod.oval:def:50664 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ...

oval:org.secpod.oval:def:117051 Linux Resource Containers provide process and resource isolation without the overhead of full virtualization.

oval:org.secpod.oval:def:50983 Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container th ...

oval:org.secpod.oval:def:1504201 [18.03.1.ol-0.0.12] - correct the version string of containerd [18.03.1.ol-0.0.11] - update runc for CVE-2019-5736 [18.03.1.ol-0.0.10] - update Go to version 1.10.8 [18.03.1.ol-0.0.9] - correct changelog [18.03.1.ol-0.0.8] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/p ...

oval:org.secpod.oval:def:117052 Linux Resource Containers provide process and resource isolation without the overhead of full virtualization.

oval:org.secpod.oval:def:117050 Linux Resource Containers provide process and resource isolation without the overhead of full virtualization. The python3-lxc package contains the Python3 binding for LXC.

oval:org.secpod.oval:def:1504027 [17.06.2.ol-1.0.6] - update the version string of runc to show the CVE fixed [17.06.2.ol-1.0.4] - build using Go 1.10.8 - apply fix for runc CVE-2019-5736 [17.06.2.ol-1.0.3] - spec: do not replace config files [Orabug: 28235986]

oval:org.secpod.oval:def:66668 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc bina ...

oval:org.secpod.oval:def:115945 Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container th ...

oval:org.secpod.oval:def:2501009 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

oval:org.secpod.oval:def:1600977 A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed b ...

oval:org.secpod.oval:def:115941 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc.

oval:org.secpod.oval:def:115982 Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don' ...

oval:org.secpod.oval:def:116393 The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc.

oval:org.secpod.oval:def:117040 Linux Resource Containers provide process and resource isolation without the overhead of full virtualization. The python3-lxc package contains the Python3 binding for LXC.

oval:org.secpod.oval:def:51008 A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed b ...

oval:org.secpod.oval:def:1502630 The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1504478 [1.0.0-19.rc5.git4bb1fe4.0.3.el7] - Apply patch for CVE-2019-5736 [1.0.0-19.rc5.git4bb1fe4.0.2.el7] - update Go version to 1.10.8, fix version string [1.0.0-19.rc5.git4bb1fe4.0.1.el7] - Tuning .spec file [2:1.0.0-19.rc5.git4bb1fe4] - release v1.0.0~rc5 [2:1.0.0-17.rc4.git9f9c962.1] - Rebuilt for h ...

oval:org.secpod.oval:def:502609 The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc ...

oval:org.secpod.oval:def:1504858 [1.0.0-92.rc92] - Add epoch value of 2 to allow upgrade to 1.0.0-92.rc92 from 1.0.0-93.rc93. [1.0.0-92.rc92] - Build for https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92