An update that solves 5 vulnerabilities and has one errata is now available.

   SUSE Security Update: Security update for libcontainers-common
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3312-1
Rating:             moderate
References:         #1176804 #1177598 #1181640 #1182998 #1188520 #1189893
Cross-References:   CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291
                    CVE-2021-3602
CVSS scores:
                    CVE-2020-14370 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-14370 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2020-15157 (NVD) : 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
                    CVE-2020-15157 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-20199 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-20199 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-20291 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-20291 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-3602 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3602 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________
Description:

   This update for libcontainers-common fixes the following issues:

   libcontainers-common was updated:

   - common component was updated to 0.44.0.
   - storage component was updated to 1.36.0.
   - image component was updated to 5.16.0.
   - podman component was updated to 3.3.1.

   3.3.1:

   Bugfixes:
   - Fixed a bug where unit files created by `podman generate systemd` could not clean up shut-down containers when stopped by `systemctl stop`.
   - Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances.
   - Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace.
   - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions.
   - Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated.
   - Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path.

   API:
   - A large number of potential file descriptor leaks from improperly closing client connections have been fixed.

   3.3.0:

   Features:
   - Containers inside VMs created by `podman machine` will now automatically handle port forwarding: containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports forwarded not just on the VM, but also on the host system.
   - The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`).
   - The `podman play kube` command now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
   - Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
   - Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
   - Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`).
   - The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
   - The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
   - The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
   - The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
   - The `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`).
   - The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
   - The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
   - The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
   - The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set.
   - The `podman auto-update` command has had its output reformatted; it is now much clearer what images were pulled and what containers were updated.
   - The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update.
   - The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
   - The `podman manifest remove` command now has a new alias, `podman manifest rm`.
   - The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
   - The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
   - The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
   - The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
   - The `podman volume prune` and `podman volume ls` commands' `--filter` option now supports a new filter, `until`, that matches volumes created before a certain time.
   - The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container.
   - The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed.
   - Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf`.
   - A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
   - If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
   Changes:
   - The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
   - The new port forwarding offered by `podman machine` requires [gvproxy] in order to function.
   - Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user; if the network is subsequently removed, it will not be recreated.
   - The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
   - The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt`.
   - The output of `podman system connection list` is now deterministic, with connections being sorted alphabetically by their name.
   - The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
   - Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default.
   - Systemd unit files generated by `podman generate systemd` now use `Type=notify` by default, instead of using PID files.
   - The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.

   Bugfixes:
   - Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options.
   - Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images.
   - Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
   - Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container.
   - Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container.
   - Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
   - Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not.
   - Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
   - Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
   - Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited.
   - Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited.
   - Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted.
   - Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
   - Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file.
   - Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred).
   - Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error.
   - Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build.
   - Fixed a bug where the remote Podman client's `podman build` command would fail to build when run on Windows.
   - Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
   - Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container.
   - Fixed a bug where named volumes created using a volume plugin would be removed from Podman, even if the plugin reported a failure to remove the volume.
   - Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat
A vulnerability in grep could result in execution of arbitrary code or Denial of Service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201403-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: grep: User-assisted execution of arbitrary code
      Date: March 26, 2014
      Bugs: #448246
        ID: 201403-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in grep could result in execution of arbitrary code or
Denial of Service.

Background
==========

grep is the GNU regular expression matcher.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-apps/grep               < 2.12                     >= 2.12

Description
===========

An integer overflow flaw has been discovered in grep.

Impact
======

An attacker could entice a user to run grep on a specially crafted file,
possibly resulting in execution of arbitrary code with the privileges of
the process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All grep users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.12"

References
==========

[ 1 ] CVE-2012-5667
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5667

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201403-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to