Updated opencontainers-runc packages fix security vulnerability
Publication date: 06 Apr 2023Modification date: 06 Apr 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25809 , CVE-2023-27561 , CVE-2023-28642
Description
/sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809)
Regression that reintroduced CVE-2019-19921 - Incorrect Access Control
leading to Escalation of Privileges (CVE-2023-27561)
AppArmor/SELinux bypass with symlinked /proc (CVE-2023-28642)
References
- https://bugs.mageia.org/show_bug.cgi?id=31729
- https://www.debian.org/lts/security/2023/dla-3369
- https://github.com/opencontainers/runc/issues/3789
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642
SRPMS
8/core
- opencontainers-runc-1.1.5-1.mga8