Mageia 8: 2021-0412 Critical: runc Symlink Attack Exploit Fix
mageia
August 27, 2021
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal
Summary
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory
Traversal. To exploit the vulnerability, an attacker must be able to create
multiple containers with a fairly specific mount configuration. The problem
occurs via a symlink-exchange attack that relies on a race condition
(CVE-2021-30465).
References
- https://bugs.mageia.org/show_bug.cgi?id=28962
- https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/
- https://www.cve.org/CVERecord?id=CVE-2021-30465
Resolution
SRPMS
- 8/core/opencontainers-runc-1.0.2-1.mga8
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 27 Aug 2021
URL: https://advisories.mageia.org/MGASA-2021-0412.html
Type: security
CVE: CVE-2021-30465
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!