Advisories ยป MGASA-2023-0125

Updated opencontainers-runc packages fix security vulnerability

Publication date: 06 Apr 2023
Modification date: 06 Apr 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25809 , CVE-2023-27561 , CVE-2023-28642

Description

/sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809)
Regression that reintroduced CVE-2019-19921 -  Incorrect Access Control
leading to Escalation of Privileges (CVE-2023-27561)
AppArmor/SELinux bypass with symlinked /proc (CVE-2023-28642)
                

References

SRPMS

8/core