Mageia 2023-0125: opencontainers-runc security update
/sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809) Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges...
Summary
/sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809)
Regression that reintroduced CVE-2019-19921 - Incorrect Access Control
leading to Escalation of Privileges (CVE-2023-27561)
AppArmor/SELinux bypass with symlinked /proc (CVE-2023-28642)
References
- https://bugs.mageia.org/show_bug.cgi?id=31729
- https://www.debian.org/lts/security/2023/dla-3369
- https://github.com/opencontainers/runc/issues/3789
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642
Resolution
MGASA-2023-0125 - Updated opencontainers-runc packages fix security vulnerability
SRPMS
- 8/core/opencontainers-runc-1.1.5-1.mga8
Severity
Publication date: 06 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0125.html
Type: security
CVE: CVE-2023-25809,
CVE-2023-27561,
CVE-2023-28642
