rpm package
suse/runc&distro=SUSE Linux Enterprise Module for Containers 12
pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19921 | Hig | 7.0 | < 1.0.0~rc93-16.8.1 | 1.0.0~rc93-16.8.1 | Feb 12, 2020 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul | |
| CVE-2019-16884 | Hig | 7.5 | < 1.0.0~rc93-16.8.1 | 1.0.0~rc93-16.8.1 | Sep 25, 2019 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |
| CVE-2019-5736 | Hig | 8.6 | < 1.0.0~rc93-16.8.1 | 1.0.0~rc93-16.8.1 | Feb 11, 2019 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new conta | |
| CVE-2018-16875 | Med | 5.9 | < 1.0.0~rc93-16.8.1 | 1.0.0~rc93-16.8.1 | Dec 14, 2018 | The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates | |
| CVE-2018-16874 | Hig | 8.1 | < 1.0.0~rc93-16.8.1 | 1.0.0~rc93-16.8.1 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but | |
| CVE-2018-16873 | Hig | 8.1 | < 1.0.0~rc93-16.8.1 | 1.0.0~rc93-16.8.1 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA | |
| CVE-2017-8932 | Med | 5.9 | < 0.1.1+gitr2947_9c2d8d1-20.3 | 0.1.1+gitr2947_9c2d8d1-20.3 | Jul 6, 2017 | A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input | |
| CVE-2016-9962 | Med | 6.4 | < 0.1.1+gitr2819_50a19c6-15.2 | 0.1.1+gitr2819_50a19c6-15.2 | Jan 31, 2017 | RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to conta | |
| CVE-2016-8867 | Hig | 7.5 | < 0.1.1+gitr2816_02f8fa7-9.1 | 0.1.1+gitr2816_02f8fa7-9.1 | Oct 28, 2016 | Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. |
- affected < 1.0.0~rc93-16.8.1fixed 1.0.0~rc93-16.8.1
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul
- affected < 1.0.0~rc93-16.8.1fixed 1.0.0~rc93-16.8.1
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
- affected < 1.0.0~rc93-16.8.1fixed 1.0.0~rc93-16.8.1
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new conta
- affected < 1.0.0~rc93-16.8.1fixed 1.0.0~rc93-16.8.1
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates
- affected < 1.0.0~rc93-16.8.1fixed 1.0.0~rc93-16.8.1
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but
- affected < 1.0.0~rc93-16.8.1fixed 1.0.0~rc93-16.8.1
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA
- affected < 0.1.1+gitr2947_9c2d8d1-20.3fixed 0.1.1+gitr2947_9c2d8d1-20.3
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input
- affected < 0.1.1+gitr2819_50a19c6-15.2fixed 0.1.1+gitr2819_50a19c6-15.2
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to conta
- affected < 0.1.1+gitr2816_02f8fa7-9.1fixed 0.1.1+gitr2816_02f8fa7-9.1
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.
Page 2 of 2