Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Mageia 8: MGASA-2023-0125 Critical: Opencontainers-Runc Access Issues

mageia
Calendar Grey April 6, 2023
Dist Mageia Esm H88
Newly released opencontainers-runc packages address critical security vulnerabilities in Mageia. Announcement date: 06 April 2023.
/sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809) Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges...

Summary

/sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809) Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges (CVE-2023-27561) AppArmor/SELinux bypass with symlinked /proc (CVE-2023-28642)

References

- https://bugs.mageia.org/show_bug.cgi?id=31729

- https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html

- https://github.com/opencontainers/runc/issues/3789

- https://www.cve.org/CVERecord?id=CVE-2023-25809

- https://www.cve.org/CVERecord?id=CVE-2023-27561

- https://www.cve.org/CVERecord?id=CVE-2023-28642

Topics%20covered

Topics Covered

security advisory critical access control threat mitigation mageia escalation of privileges opencontainers-runc

Resolution

SRPMS

- 8/core/opencontainers-runc-1.1.5-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 06 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0125.html
Type: security
CVE: CVE-2023-25809, CVE-2023-27561, CVE-2023-28642

Topics%20covered

Topics Covered

security advisory critical access control threat mitigation mageia escalation of privileges opencontainers-runc

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here