Advisories ยป MGASA-2021-0412

Updated opencontainers-runc packages fix security vulnerability

Publication date: 27 Aug 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-30465

Description

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory
Traversal. To exploit the vulnerability, an attacker must be able to create
multiple containers with a fairly specific mount configuration. The problem
occurs via a symlink-exchange attack that relies on a race condition
(CVE-2021-30465).
                

References

SRPMS

8/core