pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2022-1595/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

102 lines
5.0 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20221595",
"Version": "oval:org.altlinux.errata:def:20221595",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-1595: package `docker-engine` update to version 20.10.14-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-1595",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1595",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-00215",
"RefURL": "https://bdu.fstec.ru/vul/2023-00215",
"Source": "BDU"
},
{
"RefID": "CVE-2022-24769",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24769",
"Source": "CVE"
}
],
"Description": "This update upgrades docker-engine to version 20.10.14-alt1. \nSecurity Fix(es):\n\n * BDU:2023-00215: Уязвимость среды выполнения контейнеров Containerd, связанная с неправильным присвоением разрешений для критичного ресурса, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2022-24769: Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-03-29"
},
"Updated": {
"Date": "2022-03-29"
},
"BDUs": [
{
"ID": "BDU:2023-00215",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-732",
"Href": "https://bdu.fstec.ru/vul/2023-00215",
"Impact": "Low",
"Public": "20220324"
}
],
"CVEs": [
{
"ID": "CVE-2022-24769",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24769",
"Impact": "Low",
"Public": "20220324"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20221595001",
"Comment": "docker-engine is earlier than 0:20.10.14-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221595002",
"Comment": "docker-engine-rootless is earlier than 0:20.10.14-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink