Mageia Advisory: MGASA-2023-0125 - Updated opencontainers-runc packages fix security vulnerability

Updated opencontainers-runc packages fix security vulnerability

Publication date: 06 Apr 2023
Modification date: 06 Apr 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25809 , CVE-2023-27561 , CVE-2023-28642

Description

/sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809)
Regression that reintroduced CVE-2019-19921 -  Incorrect Access Control
leading to Escalation of Privileges (CVE-2023-27561)
AppArmor/SELinux bypass with symlinked /proc (CVE-2023-28642)

References

https://bugs.mageia.org/show_bug.cgi?id=31729
https://www.debian.org/lts/security/2023/dla-3369
https://github.com/opencontainers/runc/issues/3789
https://www.cve.org/CVERecord?id=CVE-2023-25809
https://www.cve.org/CVERecord?id=CVE-2023-27561
https://www.cve.org/CVERecord?id=CVE-2023-28642

SRPMS

8/core

opencontainers-runc-1.1.5-1.mga8

Advisories » MGASA-2023-0125

Updated opencontainers-runc packages fix security vulnerability

Description

References

SRPMS

8/core