Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-21334 (GCVE-0-2021-21334)
Vulnerability from cvelistv5 – Published: 2021-03-10 21:30 – Updated: 2024-08-03 18:09
VLAI
EPSS
Title
environment variable leak
Summary
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
Severity
6.3 (Medium)
CWE
- CWE-668 - {"CWE-668":"Exposure of Resource to Wrong Sphere"}
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
| https://github.com/containerd/containerd/releases… | x_refsource_MISC |
| https://github.com/containerd/containerd/releases… | x_refsource_MISC |
| https://github.com/containerd/containerd/commit/0… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202105-33 | vendor-advisoryx_refsource_GENTOO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
< 1.3.10
Affected: >= 1.4.0, < 1.4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
},
{
"name": "FEDORA-2021-470fa24f5b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
},
{
"name": "FEDORA-2021-10ce8fcbf1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
},
{
"name": "FEDORA-2021-f049305892",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
},
{
"name": "GLSA-202105-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.10"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "{\"CWE-668\":\"Exposure of Resource to Wrong Sphere\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T11:08:46.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
},
{
"name": "FEDORA-2021-470fa24f5b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
},
{
"name": "FEDORA-2021-10ce8fcbf1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
},
{
"name": "FEDORA-2021-f049305892",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
},
{
"name": "GLSA-202105-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-33"
}
],
"source": {
"advisory": "GHSA-6g2q-w5j3-fwh4",
"discovery": "UNKNOWN"
},
"title": "environment variable leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21334",
"STATE": "PUBLIC",
"TITLE": "environment variable leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "containerd",
"version": {
"version_data": [
{
"version_value": "\u003c 1.3.10"
},
{
"version_value": "\u003e= 1.4.0, \u003c 1.4.4"
}
]
}
}
]
},
"vendor_name": "containerd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-668\":\"Exposure of Resource to Wrong Sphere\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4",
"refsource": "CONFIRM",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
},
{
"name": "https://github.com/containerd/containerd/releases/tag/v1.4.4",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
},
{
"name": "https://github.com/containerd/containerd/releases/tag/v1.3.10",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
},
{
"name": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
},
{
"name": "FEDORA-2021-470fa24f5b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
},
{
"name": "FEDORA-2021-10ce8fcbf1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
},
{
"name": "FEDORA-2021-f049305892",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
},
{
"name": "GLSA-202105-33",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-33"
}
]
},
"source": {
"advisory": "GHSA-6g2q-w5j3-fwh4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21334",
"datePublished": "2021-03-10T21:30:18.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:09:15.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-21334",
"date": "2026-06-04",
"epss": "0.00405",
"percentile": "0.61356"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-21334\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-03-10T22:15:12.183\",\"lastModified\":\"2024-11-21T05:48:02.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.\"},{\"lang\":\"es\",\"value\":\"En containerd (un tiempo de ejecuci\u00f3n de contenedor est\u00e1ndar de la industria) anteriores a versiones 1.3.10 y 1.4.4, los contenedores se iniciaron por medio de la implementaci\u00f3n de CRI de containerd (por medio de Kubernetes, crictl o cualquier otro cliente de pod/container que use el servicio CRI de containerd) que comparten la misma imagen, puede recibir variables de entorno incorrectas, incluyendo los valores definidos para otros contenedores.\u0026#xa0;Si los contenedores afectados presentan diferentes contextos de seguridad, esto puede permitir que informaci\u00f3n confidencial sea compartida sin intenci\u00f3n.\u0026#xa0;Si no est\u00e1 utilizando la implementaci\u00f3n de CRI de containerd (por medio de uno de los mecanismos descritos anteriormente), no es vulnerable a este problema.\u0026#xa0;Si no est\u00e1 iniciando varios contenedores o pods de Kubernetes desde la misma imagen que tienen diferentes variables de entorno, no es vulnerable a este problema.\u0026#xa0;Si no est\u00e1 iniciando varios contenedores o pods de Kubernetes desde la misma imagen en r\u00e1pida sucesi\u00f3n, presenta menos probabilidades de ser vulnerable a este problema. Esta vulnerabilidad ha sido corregida en containerd versi\u00f3n 1.3.10 y containerd versi\u00f3n 1.4.4.\u0026#xa0;Los usuarios deben actualizar a estas versiones\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.10\",\"matchCriteriaId\":\"D03A074C-D4A4-4378-94B0-1421F989EAA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndExcluding\":\"1.4.4\",\"matchCriteriaId\":\"703E5B34-065D-40F7-BD1A-C4EC272FEA55\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.3.10\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.4.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.gentoo.org/glsa/202105-33\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.3.10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.4.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202105-33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Title
Уязвимость среды выполнения контейнеров Containerd, связанная с раскрытием информации в ошибочной области данных, позволяющая нарушителю получить доступ к конфиденциальным данным
Description
Уязвимость среды выполнения контейнеров Containerd связана с раскрытием информации в ошибочной области данных. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным
Severity
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО «ИВК», Cloud Native Computing Foundation
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), Containerd
Software Version
9 (Debian GNU/Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 4.7 (Astra Linux Special Edition), до 1.3.10 (Containerd), от 1.4.0 до 1.4.4 (Containerd)
Possible Mitigations
Для Containerd:
использование рекомендаций производителя: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-21334
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС Astra Linux Special Edition 4.7 для архитектуры ARM:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD
Reference
https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e
https://github.com/containerd/containerd/releases/tag/v1.4.4
https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
https://nvd.nist.gov/vuln/detail/CVE-2021-21334
https://security-tracker.debian.org/tracker/CVE-2021-21334
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD
CWE
CWE-668
{
"CVSS 2.0": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Cloud Native Computing Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 4.7 (Astra Linux Special Edition), \u0434\u043e 1.3.10 (Containerd), \u043e\u0442 1.4.0 \u0434\u043e 1.4.4 (Containerd)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Containerd:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-21334\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.02.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.01.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00284",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-21334",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Containerd",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 Containerd, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 (CWE-668)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 Containerd \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e\nhttps://github.com/containerd/containerd/releases/tag/v1.4.4\nhttps://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21334\nhttps://security-tracker.debian.org/tracker/CVE-2021-21334\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-668",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)"
}
CERTFR-2022-AVI-624
Vulnerability from certfr_avis - Published: 2022-07-11 - Updated: 2022-07-11
De multiples vulnérabilités ont été découvertes dans IBM MQ Operator et Queue manager. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | Image ibm-mqadvanced-server-integration versions antérieures à 9.3.0.0-r1 | ||
| IBM | N/A | Image ibm-mq-operator versions antérieures à 2.0.0 | ||
| IBM | N/A | Image ibm-mqadvanced-server-dev versions antérieures à 9.3.0.0-r1 | ||
| IBM | N/A | Image ibm-mq-operator-catalog versions antérieures à 2.0.0 | ||
| IBM | N/A | Image ibm-mqadvanced-server versions antérieures à 9.3.0.0-r1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Image ibm-mqadvanced-server-integration versions ant\u00e9rieures \u00e0 9.3.0.0-r1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Image ibm-mq-operator versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Image ibm-mqadvanced-server-dev versions ant\u00e9rieures \u00e0 9.3.0.0-r1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Image ibm-mq-operator-catalog versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Image ibm-mqadvanced-server versions ant\u00e9rieures \u00e0 9.3.0.0-r1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15257",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15257"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2021-21334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21334"
}
],
"initial_release_date": "2022-07-11T00:00:00",
"last_revision_date": "2022-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-624",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM MQ Operator et\nQueue manager. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM MQ Operator et Queue manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6602259 du 08 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6602259"
}
]
}
CERTFR-2024-AVI-0199
Vulnerability from certfr_avis - Published: 2024-03-08 - Updated: 2024-03-08
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Service Registry and Repository versions 8.5.x antérieures à WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository Studio versions 8.5.x sans le dernier correctif de sécurité V8.5.6.3_IJ50069 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.19.0 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.19.0 | ||
| IBM | Sterling | Sterling External Authentication Server versions antérieures à 6.0.3 sans le correctif de sécurité iFix 10 | ||
| IBM | Sterling | Sterling External Authentication Server versions antérieures à 6.1.0 sans le correctif de sécurité iFix 06 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Service Registry and Repository versions 8.5.x ant\u00e9rieures \u00e0 WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository Studio versions 8.5.x sans le dernier correctif de s\u00e9curit\u00e9 V8.5.6.3_IJ50069",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.19.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.19.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 10",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 06",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1099"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2024-24762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2020-15106",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15106"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2021-32760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32760"
},
{
"name": "CVE-2023-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34478"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2021-21334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21334"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2023-47248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47248"
},
{
"name": "CVE-2018-16886",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16886"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-22602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22602"
},
{
"name": "CVE-2021-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
},
{
"name": "CVE-2023-40743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40743"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
}
],
"initial_release_date": "2024-03-08T00:00:00",
"last_revision_date": "2024-03-08T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0199",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7130806 du 07 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7130806"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7129989 du 06 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7129989"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7129833 du 04 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7129833"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7129327 du 01 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7129327"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7129821 du 04 mars 2024",
"url": "https://www.ibm.com/support/pages/node/7129821"
}
]
}
FKIE_CVE-2021-21334
Vulnerability from fkie_nvd - Published: 2021-03-10 22:15 - Updated: 2024-11-21 05:48
Severity
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | containerd | * | |
| linuxfoundation | containerd | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D03A074C-D4A4-4378-94B0-1421F989EAA1",
"versionEndExcluding": "1.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "703E5B34-065D-40F7-BD1A-C4EC272FEA55",
"versionEndExcluding": "1.4.4",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions."
},
{
"lang": "es",
"value": "En containerd (un tiempo de ejecuci\u00f3n de contenedor est\u00e1ndar de la industria) anteriores a versiones 1.3.10 y 1.4.4, los contenedores se iniciaron por medio de la implementaci\u00f3n de CRI de containerd (por medio de Kubernetes, crictl o cualquier otro cliente de pod/container que use el servicio CRI de containerd) que comparten la misma imagen, puede recibir variables de entorno incorrectas, incluyendo los valores definidos para otros contenedores.\u0026#xa0;Si los contenedores afectados presentan diferentes contextos de seguridad, esto puede permitir que informaci\u00f3n confidencial sea compartida sin intenci\u00f3n.\u0026#xa0;Si no est\u00e1 utilizando la implementaci\u00f3n de CRI de containerd (por medio de uno de los mecanismos descritos anteriormente), no es vulnerable a este problema.\u0026#xa0;Si no est\u00e1 iniciando varios contenedores o pods de Kubernetes desde la misma imagen que tienen diferentes variables de entorno, no es vulnerable a este problema.\u0026#xa0;Si no est\u00e1 iniciando varios contenedores o pods de Kubernetes desde la misma imagen en r\u00e1pida sucesi\u00f3n, presenta menos probabilidades de ser vulnerable a este problema. Esta vulnerabilidad ha sido corregida en containerd versi\u00f3n 1.3.10 y containerd versi\u00f3n 1.4.4.\u0026#xa0;Los usuarios deben actualizar a estas versiones"
}
],
"id": "CVE-2021-21334",
"lastModified": "2024-11-21T05:48:02.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-10T22:15:12.183",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-33"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-6G2Q-W5J3-FWH4
Vulnerability from github – Published: 2024-01-31 23:22 – Updated: 2024-01-31 23:22
VLAI
Summary
containerd environment variable leak
Details
Impact
Containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared.
If you are not using containerd’s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue.
If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue.
If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue
Patches
This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions as soon as they are released.
Workarounds
There are no known workarounds.
For more information
If you have any questions or comments about this advisory:
- Open an issue
- Email us at security@containerd.io if you think you’ve found a security bug.
Severity
6.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21334"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-31T23:22:45Z",
"nvd_published_at": "2021-03-10T22:15:00Z",
"severity": "MODERATE"
},
"details": "## Impact\n\nContainers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared.\n\nIf you are not using containerd\u2019s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue.\n\nIf you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue.\n\nIf you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions as soon as they are released.\n\n## Workarounds\n\nThere are no known workarounds.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at security@containerd.io if you think you\u2019ve found a security bug.",
"id": "GHSA-6g2q-w5j3-fwh4",
"modified": "2024-01-31T23:22:45Z",
"published": "2024-01-31T23:22:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21334"
},
{
"type": "WEB",
"url": "https://github.com/containerd/cri/pull/1628"
},
{
"type": "WEB",
"url": "https://github.com/containerd/cri/pull/1629"
},
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
},
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/commit/2d9c8aa4b3f4313982c5c999af57212a1c5d144b"
},
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de"
},
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
},
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "containerd environment variable leak"
}
GSD-2021-21334
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-21334",
"description": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.",
"id": "GSD-2021-21334",
"references": [
"https://www.suse.com/security/cve/CVE-2021-21334.html",
"https://ubuntu.com/security/CVE-2021-21334",
"https://advisories.mageia.org/CVE-2021-21334.html",
"https://security.archlinux.org/CVE-2021-21334",
"https://alas.aws.amazon.com/cve/html/CVE-2021-21334.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-21334"
],
"details": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.",
"id": "GSD-2021-21334",
"modified": "2023-12-13T01:23:10.882942Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21334",
"STATE": "PUBLIC",
"TITLE": "environment variable leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "containerd",
"version": {
"version_data": [
{
"version_value": "\u003c 1.3.10"
},
{
"version_value": "\u003e= 1.4.0, \u003c 1.4.4"
}
]
}
}
]
},
"vendor_name": "containerd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-668\":\"Exposure of Resource to Wrong Sphere\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4",
"refsource": "CONFIRM",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
},
{
"name": "https://github.com/containerd/containerd/releases/tag/v1.4.4",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
},
{
"name": "https://github.com/containerd/containerd/releases/tag/v1.3.10",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
},
{
"name": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
},
{
"name": "FEDORA-2021-470fa24f5b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
},
{
"name": "FEDORA-2021-10ce8fcbf1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
},
{
"name": "FEDORA-2021-f049305892",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
},
{
"name": "GLSA-202105-33",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-33"
}
]
},
"source": {
"advisory": "GHSA-6g2q-w5j3-fwh4",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003cv1.3.10 || \u003e=v1.4.0 \u003cv1.4.4",
"affected_versions": "All versions before 1.3.10, all versions starting from 1.4.0 before 1.4.4",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-937"
],
"date": "2022-06-03",
"description": "In containerd (an industry-standard container runtime) Users should update to these versions.",
"fixed_versions": [
"v1.3.10",
"v1.4.4"
],
"identifier": "CVE-2021-21334",
"identifiers": [
"CVE-2021-21334",
"GHSA-6g2q-w5j3-fwh4"
],
"not_impacted": "All versions starting from 1.3.10 before 1.4.0, all versions starting from 1.4.4",
"package_slug": "go/github.com/containerd/containerd",
"pubdate": "2021-03-10",
"solution": "Upgrade to versions 1.3.10, 1.4.4 or above.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21334"
],
"uuid": "bb72b5f4-124a-4c0b-9a5c-345b052ce836",
"versions": [
{
"commit": {
"sha": "9f6249ab49862f61fec54c423f21b464ed71a2a0",
"tags": [
"v1.4.0"
],
"timestamp": "20200817144132"
},
"number": "v1.4.0"
},
{
"commit": {
"sha": "ec222999bc8adf1c7d0f2fc1d9e7ea96b011cb5d",
"tags": [
"v1.3.10"
],
"timestamp": "20210305054555"
},
"number": "v1.3.10"
},
{
"commit": {
"sha": "afe869032ad2d672098b7c4feec3caba6ea83930",
"tags": [
"v1.4.4"
],
"timestamp": "20210305054555"
},
"number": "v1.4.4"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.4",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21334"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"
},
{
"name": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"
},
{
"name": "https://github.com/containerd/containerd/releases/tag/v1.3.10",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.3.10"
},
{
"name": "https://github.com/containerd/containerd/releases/tag/v1.4.4",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.4"
},
{
"name": "FEDORA-2021-470fa24f5b",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/"
},
{
"name": "FEDORA-2021-10ce8fcbf1",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/"
},
{
"name": "FEDORA-2021-f049305892",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/"
},
{
"name": "GLSA-202105-33",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-33"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
},
"lastModifiedDate": "2022-06-03T12:46Z",
"publishedDate": "2021-03-10T22:15Z"
}
}
}
MSRC_CVE-2021-21334
Vulnerability from csaf_microsoft - Published: 2021-03-02 00:00 - Updated: 2026-02-18 14:57Summary
environment variable leak
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19028-16820 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16820-2 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-21334 environment variable leak - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-21334.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "environment variable leak",
"tracking": {
"current_release_date": "2026-02-18T14:57:59.000Z",
"generator": {
"date": "2026-02-26T08:07:32.767Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-21334",
"initial_release_date": "2021-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-07-16T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T14:57:59.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 moby-containerd 1.4.4+azure-2",
"product": {
"name": "\u003ccm1 moby-containerd 1.4.4+azure-2",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 moby-containerd 1.4.4+azure-2",
"product": {
"name": "cm1 moby-containerd 1.4.4+azure-2",
"product_id": "19028"
}
}
],
"category": "product_name",
"name": "moby-containerd"
},
{
"category": "product_name",
"name": "azl3 kata-containers 3.15.0.aks0-1",
"product": {
"name": "azl3 kata-containers 3.15.0.aks0-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 moby-containerd 1.4.4+azure-2 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 moby-containerd 1.4.4+azure-2 as a component of CBL Mariner 1.0",
"product_id": "19028-16820"
},
"product_reference": "19028",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kata-containers 3.15.0.aks0-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21334",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19028-16820"
],
"known_affected": [
"16820-2"
],
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-21334 environment variable leak - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-21334.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-16T00:00:00.000Z",
"details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 6.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"16820-2"
]
}
],
"title": "environment variable leak"
}
]
}
OPENSUSE-SU-2021:0878-1
Vulnerability from csaf_opensuse - Published: 2021-06-16 13:54 - Updated: 2021-06-16 13:54Summary
Security update for containerd, docker, runc
Severity
Important
Notes
Title of the patch: Security update for containerd, docker, runc
Description of the patch: This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)
* Switch version to use -ce suffix rather than _ce to avoid confusing other
tools (bsc#1182476).
* CVE-2021-21284: Fixed a potential privilege escalation when the root user in
the remapped namespace has access to the host filesystem (bsc#1181732)
* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest
crashes the dockerd daemon (bsc#1181730).
* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)
runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).
* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
* Fixed /dev/null is not available (bsc#1168481).
* CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).
containerd was updated to v1.4.4
* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
* Handle a requirement from docker (bsc#1181594).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-878
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.4 (High)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, runc fixes the following issues:\n\nDocker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)\n\n* Switch version to use -ce suffix rather than _ce to avoid confusing other\n tools (bsc#1182476).\n* CVE-2021-21284: Fixed a potential privilege escalation when the root user in \n the remapped namespace has access to the host filesystem (bsc#1181732)\n* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest \n crashes the dockerd daemon (bsc#1181730). \n* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)\n\nrunc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).\n\n* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).\n* Fixed /dev/null is not available (bsc#1168481).\n* CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).\n\ncontainerd was updated to v1.4.4\n\n* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).\n* Handle a requirement from docker (bsc#1181594).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-878",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0878-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0878-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G76UZ7FY6VFG73EC6UUCBE46L3TAKR6G/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0878-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G76UZ7FY6VFG73EC6UUCBE46L3TAKR6G/"
},
{
"category": "self",
"summary": "SUSE Bug 1168481",
"url": "https://bugzilla.suse.com/1168481"
},
{
"category": "self",
"summary": "SUSE Bug 1175081",
"url": "https://bugzilla.suse.com/1175081"
},
{
"category": "self",
"summary": "SUSE Bug 1175821",
"url": "https://bugzilla.suse.com/1175821"
},
{
"category": "self",
"summary": "SUSE Bug 1181594",
"url": "https://bugzilla.suse.com/1181594"
},
{
"category": "self",
"summary": "SUSE Bug 1181641",
"url": "https://bugzilla.suse.com/1181641"
},
{
"category": "self",
"summary": "SUSE Bug 1181677",
"url": "https://bugzilla.suse.com/1181677"
},
{
"category": "self",
"summary": "SUSE Bug 1181730",
"url": "https://bugzilla.suse.com/1181730"
},
{
"category": "self",
"summary": "SUSE Bug 1181732",
"url": "https://bugzilla.suse.com/1181732"
},
{
"category": "self",
"summary": "SUSE Bug 1181749",
"url": "https://bugzilla.suse.com/1181749"
},
{
"category": "self",
"summary": "SUSE Bug 1182451",
"url": "https://bugzilla.suse.com/1182451"
},
{
"category": "self",
"summary": "SUSE Bug 1182476",
"url": "https://bugzilla.suse.com/1182476"
},
{
"category": "self",
"summary": "SUSE Bug 1182947",
"url": "https://bugzilla.suse.com/1182947"
},
{
"category": "self",
"summary": "SUSE Bug 1183024",
"url": "https://bugzilla.suse.com/1183024"
},
{
"category": "self",
"summary": "SUSE Bug 1183855",
"url": "https://bugzilla.suse.com/1183855"
},
{
"category": "self",
"summary": "SUSE Bug 1184768",
"url": "https://bugzilla.suse.com/1184768"
},
{
"category": "self",
"summary": "SUSE Bug 1184962",
"url": "https://bugzilla.suse.com/1184962"
},
{
"category": "self",
"summary": "SUSE Bug 1185405",
"url": "https://bugzilla.suse.com/1185405"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21284 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21285 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21334 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30465 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30465/"
}
],
"title": "Security update for containerd, docker, runc",
"tracking": {
"current_release_date": "2021-06-16T13:54:13Z",
"generator": {
"date": "2021-06-16T13:54:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0878-1",
"initial_release_date": "2021-06-16T13:54:13Z",
"revision_history": [
{
"date": "2021-06-16T13:54:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"product": {
"name": "docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"product_id": "docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"product": {
"name": "docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"product_id": "docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"product": {
"name": "docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"product_id": "docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-lp152.2.6.1.x86_64",
"product": {
"name": "containerd-1.4.4-lp152.2.6.1.x86_64",
"product_id": "containerd-1.4.4-lp152.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"product": {
"name": "containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"product_id": "containerd-ctr-1.4.4-lp152.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-lp152.2.12.1.x86_64",
"product": {
"name": "docker-20.10.6_ce-lp152.2.12.1.x86_64",
"product_id": "docker-20.10.6_ce-lp152.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-lp152.2.3.1.x86_64",
"product": {
"name": "runc-1.0.0~rc93-lp152.2.3.1.x86_64",
"product_id": "runc-1.0.0~rc93-lp152.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.4-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64"
},
"product_reference": "containerd-1.4.4-lp152.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.4-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64"
},
"product_reference": "containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64"
},
"product_reference": "docker-20.10.6_ce-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch"
},
"product_reference": "docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch"
},
"product_reference": "docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch"
},
"product_reference": "docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc93-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
},
"product_reference": "runc-1.0.0~rc93-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21284"
}
],
"notes": [
{
"category": "general",
"text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using \"--userns-remap\", if the root user in the remapped namespace has access to the host filesystem they can modify files under \"/var/lib/docker/\u003cremapping\u003e\" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21284",
"url": "https://www.suse.com/security/cve/CVE-2021-21284"
},
{
"category": "external",
"summary": "SUSE Bug 1181732 for CVE-2021-21284",
"url": "https://bugzilla.suse.com/1181732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-16T13:54:13Z",
"details": "low"
}
],
"title": "CVE-2021-21284"
},
{
"cve": "CVE-2021-21285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21285"
}
],
"notes": [
{
"category": "general",
"text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21285",
"url": "https://www.suse.com/security/cve/CVE-2021-21285"
},
{
"category": "external",
"summary": "SUSE Bug 1181730 for CVE-2021-21285",
"url": "https://bugzilla.suse.com/1181730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-16T13:54:13Z",
"details": "moderate"
}
],
"title": "CVE-2021-21285"
},
{
"cve": "CVE-2021-21334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21334"
}
],
"notes": [
{
"category": "general",
"text": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21334",
"url": "https://www.suse.com/security/cve/CVE-2021-21334"
},
{
"category": "external",
"summary": "SUSE Bug 1183397 for CVE-2021-21334",
"url": "https://bugzilla.suse.com/1183397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-16T13:54:13Z",
"details": "moderate"
}
],
"title": "CVE-2021-21334"
},
{
"cve": "CVE-2021-30465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30465"
}
],
"notes": [
{
"category": "general",
"text": "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30465",
"url": "https://www.suse.com/security/cve/CVE-2021-30465"
},
{
"category": "external",
"summary": "SUSE Bug 1185405 for CVE-2021-30465",
"url": "https://bugzilla.suse.com/1185405"
},
{
"category": "external",
"summary": "SUSE Bug 1189161 for CVE-2021-30465",
"url": "https://bugzilla.suse.com/1189161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:containerd-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.6.1.x86_64",
"openSUSE Leap 15.2:docker-20.10.6_ce-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:docker-bash-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-fish-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:docker-zsh-completion-20.10.6_ce-lp152.2.12.1.noarch",
"openSUSE Leap 15.2:runc-1.0.0~rc93-lp152.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-16T13:54:13Z",
"details": "important"
}
],
"title": "CVE-2021-30465"
}
]
}
OPENSUSE-SU-2021:1954-1
Vulnerability from csaf_opensuse - Published: 2021-07-10 13:50 - Updated: 2021-07-10 13:50Summary
Security update for containerd, docker, runc
Severity
Important
Notes
Title of the patch: Security update for containerd, docker, runc
Description of the patch: This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)
* Switch version to use -ce suffix rather than _ce to avoid confusing other
tools (bsc#1182476).
* CVE-2021-21284: Fixed a potential privilege escalation when the root user in
the remapped namespace has access to the host filesystem (bsc#1181732)
* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest
crashes the dockerd daemon (bsc#1181730).
* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)
runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).
* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
* Fixed /dev/null is not available (bsc#1168481).
* CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).
containerd was updated to v1.4.4
* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
* Handle a requirement from docker (bsc#1181594).
Patchnames: openSUSE-SLE-15.3-2021-1954
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.4 (High)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, runc fixes the following issues:\n\nDocker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)\n\n* Switch version to use -ce suffix rather than _ce to avoid confusing other\n tools (bsc#1182476).\n* CVE-2021-21284: Fixed a potential privilege escalation when the root user in \n the remapped namespace has access to the host filesystem (bsc#1181732)\n* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest \n crashes the dockerd daemon (bsc#1181730). \n* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)\n\nrunc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).\n\n* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).\n* Fixed /dev/null is not available (bsc#1168481).\n* CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).\n\ncontainerd was updated to v1.4.4\n\n* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).\n* Handle a requirement from docker (bsc#1181594).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-1954",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1954-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1954-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OX775QFGRPXXX7W5FDFKP3V5KCNZYD7F/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1954-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OX775QFGRPXXX7W5FDFKP3V5KCNZYD7F/"
},
{
"category": "self",
"summary": "SUSE Bug 1168481",
"url": "https://bugzilla.suse.com/1168481"
},
{
"category": "self",
"summary": "SUSE Bug 1175081",
"url": "https://bugzilla.suse.com/1175081"
},
{
"category": "self",
"summary": "SUSE Bug 1175821",
"url": "https://bugzilla.suse.com/1175821"
},
{
"category": "self",
"summary": "SUSE Bug 1181594",
"url": "https://bugzilla.suse.com/1181594"
},
{
"category": "self",
"summary": "SUSE Bug 1181641",
"url": "https://bugzilla.suse.com/1181641"
},
{
"category": "self",
"summary": "SUSE Bug 1181677",
"url": "https://bugzilla.suse.com/1181677"
},
{
"category": "self",
"summary": "SUSE Bug 1181730",
"url": "https://bugzilla.suse.com/1181730"
},
{
"category": "self",
"summary": "SUSE Bug 1181732",
"url": "https://bugzilla.suse.com/1181732"
},
{
"category": "self",
"summary": "SUSE Bug 1181749",
"url": "https://bugzilla.suse.com/1181749"
},
{
"category": "self",
"summary": "SUSE Bug 1182451",
"url": "https://bugzilla.suse.com/1182451"
},
{
"category": "self",
"summary": "SUSE Bug 1182476",
"url": "https://bugzilla.suse.com/1182476"
},
{
"category": "self",
"summary": "SUSE Bug 1182947",
"url": "https://bugzilla.suse.com/1182947"
},
{
"category": "self",
"summary": "SUSE Bug 1183024",
"url": "https://bugzilla.suse.com/1183024"
},
{
"category": "self",
"summary": "SUSE Bug 1183855",
"url": "https://bugzilla.suse.com/1183855"
},
{
"category": "self",
"summary": "SUSE Bug 1184768",
"url": "https://bugzilla.suse.com/1184768"
},
{
"category": "self",
"summary": "SUSE Bug 1184962",
"url": "https://bugzilla.suse.com/1184962"
},
{
"category": "self",
"summary": "SUSE Bug 1185405",
"url": "https://bugzilla.suse.com/1185405"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21284 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21285 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21334 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30465 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30465/"
}
],
"title": "Security update for containerd, docker, runc",
"tracking": {
"current_release_date": "2021-07-10T13:50:39Z",
"generator": {
"date": "2021-07-10T13:50:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1954-1",
"initial_release_date": "2021-07-10T13:50:39Z",
"revision_history": [
{
"date": "2021-07-10T13:50:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-5.32.1.aarch64",
"product": {
"name": "containerd-1.4.4-5.32.1.aarch64",
"product_id": "containerd-1.4.4-5.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-5.32.1.aarch64",
"product": {
"name": "containerd-ctr-1.4.4-5.32.1.aarch64",
"product_id": "containerd-ctr-1.4.4-5.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-6.49.3.aarch64",
"product": {
"name": "docker-20.10.6_ce-6.49.3.aarch64",
"product_id": "docker-20.10.6_ce-6.49.3.aarch64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-1.14.2.aarch64",
"product": {
"name": "runc-1.0.0~rc93-1.14.2.aarch64",
"product_id": "runc-1.0.0~rc93-1.14.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"product": {
"name": "docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"product_id": "docker-bash-completion-20.10.6_ce-6.49.3.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"product": {
"name": "docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"product_id": "docker-fish-completion-20.10.6_ce-6.49.3.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"product": {
"name": "docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"product_id": "docker-zsh-completion-20.10.6_ce-6.49.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-5.32.1.ppc64le",
"product": {
"name": "containerd-1.4.4-5.32.1.ppc64le",
"product_id": "containerd-1.4.4-5.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-5.32.1.ppc64le",
"product": {
"name": "containerd-ctr-1.4.4-5.32.1.ppc64le",
"product_id": "containerd-ctr-1.4.4-5.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-6.49.3.ppc64le",
"product": {
"name": "docker-20.10.6_ce-6.49.3.ppc64le",
"product_id": "docker-20.10.6_ce-6.49.3.ppc64le"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-1.14.2.ppc64le",
"product": {
"name": "runc-1.0.0~rc93-1.14.2.ppc64le",
"product_id": "runc-1.0.0~rc93-1.14.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-5.32.1.s390x",
"product": {
"name": "containerd-1.4.4-5.32.1.s390x",
"product_id": "containerd-1.4.4-5.32.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-5.32.1.s390x",
"product": {
"name": "containerd-ctr-1.4.4-5.32.1.s390x",
"product_id": "containerd-ctr-1.4.4-5.32.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-6.49.3.s390x",
"product": {
"name": "docker-20.10.6_ce-6.49.3.s390x",
"product_id": "docker-20.10.6_ce-6.49.3.s390x"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-1.14.2.s390x",
"product": {
"name": "runc-1.0.0~rc93-1.14.2.s390x",
"product_id": "runc-1.0.0~rc93-1.14.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-5.32.1.x86_64",
"product": {
"name": "containerd-1.4.4-5.32.1.x86_64",
"product_id": "containerd-1.4.4-5.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-5.32.1.x86_64",
"product": {
"name": "containerd-ctr-1.4.4-5.32.1.x86_64",
"product_id": "containerd-ctr-1.4.4-5.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-6.49.3.x86_64",
"product": {
"name": "docker-20.10.6_ce-6.49.3.x86_64",
"product_id": "docker-20.10.6_ce-6.49.3.x86_64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-1.14.2.x86_64",
"product": {
"name": "runc-1.0.0~rc93-1.14.2.x86_64",
"product_id": "runc-1.0.0~rc93-1.14.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.4-5.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64"
},
"product_reference": "containerd-1.4.4-5.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.4-5.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le"
},
"product_reference": "containerd-1.4.4-5.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.4-5.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x"
},
"product_reference": "containerd-1.4.4-5.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.4-5.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64"
},
"product_reference": "containerd-1.4.4-5.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.4-5.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64"
},
"product_reference": "containerd-ctr-1.4.4-5.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.4-5.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le"
},
"product_reference": "containerd-ctr-1.4.4-5.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.4-5.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x"
},
"product_reference": "containerd-ctr-1.4.4-5.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.4-5.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64"
},
"product_reference": "containerd-ctr-1.4.4-5.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-6.49.3.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64"
},
"product_reference": "docker-20.10.6_ce-6.49.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-6.49.3.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le"
},
"product_reference": "docker-20.10.6_ce-6.49.3.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-6.49.3.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x"
},
"product_reference": "docker-20.10.6_ce-6.49.3.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-6.49.3.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64"
},
"product_reference": "docker-20.10.6_ce-6.49.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-20.10.6_ce-6.49.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch"
},
"product_reference": "docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-20.10.6_ce-6.49.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch"
},
"product_reference": "docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-20.10.6_ce-6.49.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch"
},
"product_reference": "docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc93-1.14.2.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64"
},
"product_reference": "runc-1.0.0~rc93-1.14.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc93-1.14.2.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le"
},
"product_reference": "runc-1.0.0~rc93-1.14.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc93-1.14.2.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x"
},
"product_reference": "runc-1.0.0~rc93-1.14.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc93-1.14.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
},
"product_reference": "runc-1.0.0~rc93-1.14.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21284"
}
],
"notes": [
{
"category": "general",
"text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using \"--userns-remap\", if the root user in the remapped namespace has access to the host filesystem they can modify files under \"/var/lib/docker/\u003cremapping\u003e\" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21284",
"url": "https://www.suse.com/security/cve/CVE-2021-21284"
},
{
"category": "external",
"summary": "SUSE Bug 1181732 for CVE-2021-21284",
"url": "https://bugzilla.suse.com/1181732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:50:39Z",
"details": "low"
}
],
"title": "CVE-2021-21284"
},
{
"cve": "CVE-2021-21285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21285"
}
],
"notes": [
{
"category": "general",
"text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21285",
"url": "https://www.suse.com/security/cve/CVE-2021-21285"
},
{
"category": "external",
"summary": "SUSE Bug 1181730 for CVE-2021-21285",
"url": "https://bugzilla.suse.com/1181730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:50:39Z",
"details": "moderate"
}
],
"title": "CVE-2021-21285"
},
{
"cve": "CVE-2021-21334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21334"
}
],
"notes": [
{
"category": "general",
"text": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21334",
"url": "https://www.suse.com/security/cve/CVE-2021-21334"
},
{
"category": "external",
"summary": "SUSE Bug 1183397 for CVE-2021-21334",
"url": "https://bugzilla.suse.com/1183397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:50:39Z",
"details": "moderate"
}
],
"title": "CVE-2021-21334"
},
{
"cve": "CVE-2021-30465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30465"
}
],
"notes": [
{
"category": "general",
"text": "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30465",
"url": "https://www.suse.com/security/cve/CVE-2021-30465"
},
{
"category": "external",
"summary": "SUSE Bug 1185405 for CVE-2021-30465",
"url": "https://bugzilla.suse.com/1185405"
},
{
"category": "external",
"summary": "SUSE Bug 1189161 for CVE-2021-30465",
"url": "https://bugzilla.suse.com/1189161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.aarch64",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.ppc64le",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.s390x",
"openSUSE Leap 15.3:containerd-ctr-1.4.4-5.32.1.x86_64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.aarch64",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.ppc64le",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.s390x",
"openSUSE Leap 15.3:docker-20.10.6_ce-6.49.3.x86_64",
"openSUSE Leap 15.3:docker-bash-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-fish-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:docker-zsh-completion-20.10.6_ce-6.49.3.noarch",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.aarch64",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.ppc64le",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.s390x",
"openSUSE Leap 15.3:runc-1.0.0~rc93-1.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:50:39Z",
"details": "important"
}
],
"title": "CVE-2021-30465"
}
]
}
OPENSUSE-SU-2024:10693-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
containerd-1.4.8-2.2 on GA media
Severity
Moderate
Notes
Title of the patch: containerd-1.4.8-2.2 on GA media
Description of the patch: These are all security issues fixed in the containerd-1.4.8-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10693
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "containerd-1.4.8-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the containerd-1.4.8-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10693",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10693-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9962 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15157 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15257 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21334 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32760 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32760/"
}
],
"title": "containerd-1.4.8-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10693-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.8-2.2.aarch64",
"product": {
"name": "containerd-1.4.8-2.2.aarch64",
"product_id": "containerd-1.4.8-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.8-2.2.aarch64",
"product": {
"name": "containerd-ctr-1.4.8-2.2.aarch64",
"product_id": "containerd-ctr-1.4.8-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.8-2.2.ppc64le",
"product": {
"name": "containerd-1.4.8-2.2.ppc64le",
"product_id": "containerd-1.4.8-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.8-2.2.ppc64le",
"product": {
"name": "containerd-ctr-1.4.8-2.2.ppc64le",
"product_id": "containerd-ctr-1.4.8-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.8-2.2.s390x",
"product": {
"name": "containerd-1.4.8-2.2.s390x",
"product_id": "containerd-1.4.8-2.2.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.8-2.2.s390x",
"product": {
"name": "containerd-ctr-1.4.8-2.2.s390x",
"product_id": "containerd-ctr-1.4.8-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.8-2.2.x86_64",
"product": {
"name": "containerd-1.4.8-2.2.x86_64",
"product_id": "containerd-1.4.8-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.8-2.2.x86_64",
"product": {
"name": "containerd-ctr-1.4.8-2.2.x86_64",
"product_id": "containerd-ctr-1.4.8-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.8-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64"
},
"product_reference": "containerd-1.4.8-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.8-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le"
},
"product_reference": "containerd-1.4.8-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.8-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x"
},
"product_reference": "containerd-1.4.8-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.8-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64"
},
"product_reference": "containerd-1.4.8-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.8-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64"
},
"product_reference": "containerd-ctr-1.4.8-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.8-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le"
},
"product_reference": "containerd-ctr-1.4.8-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.8-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x"
},
"product_reference": "containerd-ctr-1.4.8-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.8-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
},
"product_reference": "containerd-ctr-1.4.8-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9962"
}
],
"notes": [
{
"category": "general",
"text": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9962",
"url": "https://www.suse.com/security/cve/CVE-2016-9962"
},
{
"category": "external",
"summary": "SUSE Bug 1012568 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1012568"
},
{
"category": "external",
"summary": "SUSE Bug 1173425 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1173425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9962"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2020-15157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15157"
}
],
"notes": [
{
"category": "general",
"text": "In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a \"foreign layer\"), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user\u0027s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15157",
"url": "https://www.suse.com/security/cve/CVE-2020-15157"
},
{
"category": "external",
"summary": "SUSE Bug 1177598 for CVE-2020-15157",
"url": "https://bugzilla.suse.com/1177598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-15157"
},
{
"cve": "CVE-2020-15257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15257"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim\u0027s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container\u0027s privilege, regardless of what container runtime is used for running that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15257",
"url": "https://www.suse.com/security/cve/CVE-2020-15257"
},
{
"category": "external",
"summary": "SUSE Bug 1178969 for CVE-2020-15257",
"url": "https://bugzilla.suse.com/1178969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15257"
},
{
"cve": "CVE-2021-21334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21334"
}
],
"notes": [
{
"category": "general",
"text": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21334",
"url": "https://www.suse.com/security/cve/CVE-2021-21334"
},
{
"category": "external",
"summary": "SUSE Bug 1183397 for CVE-2021-21334",
"url": "https://bugzilla.suse.com/1183397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-21334"
},
{
"cve": "CVE-2021-32760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32760"
}
],
"notes": [
{
"category": "general",
"text": "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host\u0027s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32760",
"url": "https://www.suse.com/security/cve/CVE-2021-32760"
},
{
"category": "external",
"summary": "SUSE Bug 1188282 for CVE-2021-32760",
"url": "https://bugzilla.suse.com/1188282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-32760"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…