cve-2021-32760
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
containerd | containerd | <= 1.4.7; >= 1.5.0, <= 1.5.3
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:33:55.800Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w", }, { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.4.8", }, { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.4", }, { name: "FEDORA-2021-53ce601cb0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/", }, { name: "GLSA-202401-31", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-31", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-32760", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T14:27:11.335304Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T14:27:20.905Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "containerd", vendor: "containerd", versions: [ { status: "affected", version: "<= 1.4.7", }, { status: "affected", version: ">= 1.5.0, <= 1.5.3", }, ], }, ], descriptions: [ { lang: "en", value: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. 
This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-668", description: "CWE-668: Exposure of Resource to Wrong Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-31T13:06:23.914511", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w", }, { url: "https://github.com/containerd/containerd/releases/tag/v1.4.8", }, { url: "https://github.com/containerd/containerd/releases/tag/v1.5.4", }, { name: "FEDORA-2021-53ce601cb0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/", }, { name: "GLSA-202401-31", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-31", }, ], source: { advisory: "GHSA-c72p-9xmj-rx3w", discovery: "UNKNOWN", }, title: "Archive package allows chmod of file outside of unpack target directory", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32760", datePublished: "2021-07-19T00:00:00", 
dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-11-19T14:27:20.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
ghsa-c72p-9xmj-rx3w
Vulnerability from github
Impact
A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.
Patches
This bug has been fixed in containerd 1.5.4 and 1.4.8. Users should update to these versions as soon as they are released. Running containers do not need to be restarted.
Workarounds
Ensure you only pull images from trusted sources.
Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with unexpected files.
For more information
If you have any questions or comments about this advisory:
- Open an issue
- Email us at security@containerd.io if you think you’ve found a security bug.
{ affected: [ { package: { ecosystem: "Go", name: "github.com/containerd/containerd", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.4.8", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Go", name: "github.com/containerd/containerd", }, ranges: [ { events: [ { introduced: "1.5.0", }, { fixed: "1.5.4", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2021-32760", ], database_specific: { cwe_ids: [ "CWE-668", "CWE-732", ], github_reviewed: true, github_reviewed_at: "2021-07-22T20:21:14Z", nvd_published_at: "2021-07-19T21:15:00Z", severity: "MODERATE", }, details: "## Impact\n\nA bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.\n\n## Patches\n\nThis bug has been fixed in containerd 1.5.4 and 1.4.8. Users should update to these versions as soon as they are released. 
Running containers do not need to be restarted.\n\n## Workarounds\n\nEnsure you only pull images from trusted sources.\n\nLinux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with unexpected files.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at security@containerd.io if you think you’ve found a security bug.", id: "GHSA-c72p-9xmj-rx3w", modified: "2024-01-31T15:31:56Z", published: "2021-07-26T21:17:45Z", references: [ { type: "WEB", url: "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", }, { type: "WEB", url: "https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c", }, { type: "WEB", url: "https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f", }, { type: "PACKAGE", url: "https://github.com/containerd/containerd", }, { type: "WEB", url: "https://github.com/containerd/containerd/releases/tag/v1.4.8", }, { type: "WEB", url: "https://github.com/containerd/containerd/releases/tag/v1.5.4", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202401-31", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", type: "CVSS_V3", }, ], summary: "Archive package allows chmod of file outside of unpack target directory", }
rhsa-2022:2183
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenStack Platform 16.2 (Train) director Operator containers are\navailable for technology preview.", title: "Topic", }, { category: "general", text: "Release osp-director-operator images\n\nSecurity Fix(es):\n\n* golang: kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote (CVE-2019-11253)\n* golang: golang-github-miekg-dns: predictable TXID can lead to response forgeries (CVE-2019-19794)\n* golang: containerd: unrestricted access to abstract Unix domain socket can lead to privileges (CVE-2020-15257)\n* golang: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n* golang: containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:2183", url: "https://access.redhat.com/errata/RHSA-2022:2183", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1757701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1757701", }, { category: "external", summary: "1786761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1786761", }, { category: "external", summary: "1899487", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1899487", }, { category: "external", summary: "1954368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", }, { category: "external", summary: "1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "2079447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2183.json", }, ], title: "Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview", tracking: { current_release_date: "2025-03-27T23:05:10+00:00", generator: { date: "2025-03-27T23:05:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:2183", initial_release_date: "2022-05-11T11:33:14+00:00", revision_history: [ { date: "2022-05-11T11:33:14+00:00", number: "1", summary: "Initial version", }, { date: "2022-05-11T11:33:14+00:00", number: "2", 
summary: "Last updated version", }, { date: "2025-03-27T23:05:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenStack Platform 16.2", product: { name: "Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:16.2::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-downloader&tag=1.2.3-2", }, }, }, { category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-operator-bundle&tag=1.2.3-3", }, }, }, 
{ category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-operator&tag=1.2.3-2", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", relates_to_product_reference: "8Base-RHOS-16.2", }, { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", 
relates_to_product_reference: "8Base-RHOS-16.2", }, { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", relates_to_product_reference: "8Base-RHOS-16.2", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11253", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-10-01T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1757701", }, ], notes: [ { category: "description", text: "A flaw was found kubernetes. The parsing of YAML manifests by the Kubernetes API server could lead to a denial-of-service attack leaving it vulnerable to an instance of a \"billion laughs\" attack. 
The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service", title: "Vulnerability summary", }, { category: "other", text: "For Red Hat OpenStack Platform, because kubernetes is not directly used in director-operator, the RHOSP Impact has been moved to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11253", }, { category: "external", summary: "RHBZ#1757701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1757701", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11253", url: "https://www.cve.org/CVERecord?id=CVE-2019-11253", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11253", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11253", }, { category: "external", summary: "https://www.stackrox.com/post/2019/09/protecting-kubernetes-api-against-cve-2019-11253-billion-laughs-attack/", url: 
"https://www.stackrox.com/post/2019/09/protecting-kubernetes-api-against-cve-2019-11253-billion-laughs-attack/", }, ], release_date: "2019-09-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service", }, { cve: "CVE-2019-19794", cwe: { id: "CWE-338", name: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", }, discovery_date: "2019-12-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", 
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1786761", }, ], notes: [ { category: "description", text: "The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.", title: "Vulnerability description", }, { category: "summary", text: "golang-github-miekg-dns: predictable TXID can lead to response forgeries", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-19794", }, { category: "external", summary: "RHBZ#1786761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1786761", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-19794", url: "https://www.cve.org/CVERecord?id=CVE-2019-19794", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-19794", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-19794", }, ], release_date: 
"2019-12-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-github-miekg-dns: predictable TXID can lead to response forgeries", }, { cve: "CVE-2020-15257", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2020-11-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1899487", }, ], notes: [ { 
category: "description", text: "A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation", title: "Vulnerability summary", }, { category: "other", text: "* The container runtime in OpenShift Container Platform 4 is cri-o which is not affected by this flaw. It doesn't make use of abstract unix sockets like containerd, which lead to this vulnerability being possible.\n\n* Red Hat Advanced Cluster Management for Kubernetes is not affected by this flaw. 
While containerd is included in the multicloud-operators-subscription image as a dependency of helm, it is not used in any way that exposes the abstract unix socket that is involved in this vulnerability.\n\n* The container-tools module in Red Hat Enterprise Linux is not affected by this flaw as these packages do not use abstract unix sockets for container management.\n\n* For Red Hat OpenStack Platform, because containerd is not actually used in director-operator, the RHOSP Impact has been moved to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-15257", }, { category: "external", summary: "RHBZ#1899487", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1899487", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-15257", url: "https://www.cve.org/CVERecord?id=CVE-2020-15257", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-15257", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-15257", }, ], release_date: "2020-11-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director 
Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation", }, { cve: "CVE-2021-29482", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-04-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1954368", }, ], notes: [ { category: "description", text: "A flaw was found in github.com/ulikunitz/xz. 
The function readUvarint may not terminate a loop what could lead to denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication, therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of the support, hence affected components are marked as wontfix. This may be fixed in the future.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-29482", }, { category: "external", summary: "RHBZ#1954368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-29482", url: "https://www.cve.org/CVERecord?id=CVE-2021-29482", }, { category: "external", 
summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", }, ], release_date: "2020-08-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", }, { acknowledgments: [ { names: [ "distros", ], organization: "distros", }, ], cve: "CVE-2021-32760", cwe: { id: "CWE-281", name: "Improper Preservation of Permissions", }, discovery_date: "2021-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", 
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1982681", }, ], notes: [ { category: "description", text: "A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.", title: "Vulnerability description", }, { category: "summary", text: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "RHBZ#1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: 
"https://www.cve.org/CVERecord?id=CVE-2021-32760", url: "https://www.cve.org/CVERecord?id=CVE-2021-32760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", }, ], release_date: "2021-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", }, ], }
rhsa-2023_5952
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat OpenShift Service Mesh 2.4 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\n* buildkit: Data disclosure in provenance attestation describing a build (CVE-2023-26054)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5952", url: "https://access.redhat.com/errata/RHSA-2023:5952", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", }, { category: "external", summary: "1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "2176447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176447", }, { category: "external", summary: "2242010", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242010", }, { category: "external", summary: "2243296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", }, { category: "external", summary: "OSSM-3771", url: "https://issues.redhat.com/browse/OSSM-3771", }, { category: "external", summary: "OSSM-4851", url: "https://issues.redhat.com/browse/OSSM-4851", }, { category: "external", summary: "OSSM-4873", url: "https://issues.redhat.com/browse/OSSM-4873", }, { category: "external", summary: "OSSM-4957", url: "https://issues.redhat.com/browse/OSSM-4957", }, { category: "external", summary: "OSSM-4963", url: "https://issues.redhat.com/browse/OSSM-4963", }, { category: "external", summary: "OSSM-5022", url: "https://issues.redhat.com/browse/OSSM-5022", }, { category: "self", summary: "Canonical URL", url: 
"https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5952.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh for 2.4.4 security update", tracking: { current_release_date: "2024-12-18T04:47:12+00:00", generator: { date: "2024-12-18T04:47:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:5952", initial_release_date: "2023-10-19T22:22:44+00:00", revision_history: [ { date: "2023-10-19T22:22:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-10-19T22:22:44+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T04:47:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.4 for RHEL 8", product: { name: "RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product: { name: 
"openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", 
product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: 
"openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product_identification_helper: { purl: 
"pkg:oci/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", 
product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product_id: 
"openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product: { name: 
"openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product: { name: 
"openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: 
"openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "amd64", }, { branches: 
[ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: 
"product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product_identification_helper: { purl: 
"pkg:oci/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product_identification_helper: { purl: 
"pkg:oci/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", 
}, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", }, product_reference: 
"openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", 
full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", }, product_reference: 
"openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: 
"openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", }, product_reference: 
"openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: 
"openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "distros", ], organization: "distros", }, ], cve: "CVE-2021-32760", cwe: { id: "CWE-281", name: "Improper Preservation of Permissions", }, discovery_date: "2021-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1982681", }, ], notes: [ { category: "description", text: "A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s 
filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.", title: "Vulnerability description", }, { category: "summary", text: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ],
references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "RHBZ#1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-32760", url: "https://www.cve.org/CVERecord?id=CVE-2021-32760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", }, ], release_date: "2021-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, ],
scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", }, { cve: "CVE-2023-26054", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2176447", }, ], notes: [ { category: "description", text: "A flaw was found in the moby buildkit. 
When a build is performed under specific conditions where credentials were passed to BuildKit, it may be visible to everyone with access to provenance attestation.", title: "Vulnerability description", }, { category: "summary", text: "buildkit: Data disclosure in provenance attestation describing a build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26054", }, { category: "external", summary: "RHBZ#2176447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176447", 
}, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26054", url: "https://www.cve.org/CVERecord?id=CVE-2023-26054", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26054", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26054", }, { category: "external", summary: "https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc", url: "https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc", }, ], release_date: "2023-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, ], 
scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ 
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "buildkit: Data disclosure in provenance attestation describing a build", }, { cve: "CVE-2023-39325", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2243296", }, ], notes: [ { category: "description", text: "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. 
A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. 
These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ 
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39325", }, { category: "external", summary: "RHBZ#2243296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", }, { category: "external", summary: "RHSB-2023-003", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39325", url: 
"https://www.cve.org/CVERecord?id=CVE-2023-39325", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2023-44487", url: "https://access.redhat.com/security/cve/CVE-2023-44487", }, { category: "external", summary: "https://go.dev/issue/63417", url: "https://go.dev/issue/63417", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-2102", url: "https://pkg.go.dev/vuln/GO-2023-2102", }, { category: "external", summary: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, ], release_date: "2023-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, { category: "workaround", details: "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", product_ids: [ 
], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: 
"UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ 
], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", }, ], }
rhsa-2022_2183
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenStack Platform 16.2 (Train) director Operator containers are\navailable for technology preview.", title: "Topic", }, { category: "general", text: "Release osp-director-operator images\n\nSecurity Fix(es):\n\n* golang: kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote (CVE-2019-11253)\n* golang: golang-github-miekg-dns: predictable TXID can lead to response forgeries (CVE-2019-19794)\n* golang: containerd: unrestricted access to abstract Unix domain socket can lead to privileges (CVE-2020-15257)\n* golang: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n* golang: containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:2183", url: "https://access.redhat.com/errata/RHSA-2022:2183", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1757701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1757701", }, { category: "external", summary: "1786761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1786761", }, { category: "external", summary: "1899487", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1899487", }, { category: "external", summary: "1954368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", }, { category: "external", summary: "1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "2079447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2183.json", }, ], title: "Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview", tracking: { current_release_date: "2024-12-17T21:57:06+00:00", generator: { date: "2024-12-17T21:57:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2022:2183", initial_release_date: "2022-05-11T11:33:14+00:00", revision_history: [ { date: "2022-05-11T11:33:14+00:00", number: "1", summary: "Initial version", }, { date: "2022-05-11T11:33:14+00:00", number: "2", 
summary: "Last updated version", }, { date: "2024-12-17T21:57:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenStack Platform 16.2", product: { name: "Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:16.2::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-downloader&tag=1.2.3-2", }, }, }, { category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-operator-bundle&tag=1.2.3-3", }, }, }, 
{ category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-operator&tag=1.2.3-2", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", relates_to_product_reference: "8Base-RHOS-16.2", }, { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", 
relates_to_product_reference: "8Base-RHOS-16.2", }, { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", relates_to_product_reference: "8Base-RHOS-16.2", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11253", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-10-01T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1757701", }, ], notes: [ { category: "description", text: "A flaw was found kubernetes. The parsing of YAML manifests by the Kubernetes API server could lead to a denial-of-service attack leaving it vulnerable to an instance of a \"billion laughs\" attack. 
The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service", title: "Vulnerability summary", }, { category: "other", text: "For Red Hat OpenStack Platform, because kubernetes is not directly used in director-operator, the RHOSP Impact has been moved to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11253", }, { category: "external", summary: "RHBZ#1757701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1757701", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11253", url: "https://www.cve.org/CVERecord?id=CVE-2019-11253", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11253", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11253", }, { category: "external", summary: "https://www.stackrox.com/post/2019/09/protecting-kubernetes-api-against-cve-2019-11253-billion-laughs-attack/", url: 
"https://www.stackrox.com/post/2019/09/protecting-kubernetes-api-against-cve-2019-11253-billion-laughs-attack/", }, ], release_date: "2019-09-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service", }, { cve: "CVE-2019-19794", cwe: { id: "CWE-338", name: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", }, discovery_date: "2019-12-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", 
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1786761", }, ], notes: [ { category: "description", text: "The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.", title: "Vulnerability description", }, { category: "summary", text: "golang-github-miekg-dns: predictable TXID can lead to response forgeries", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-19794", }, { category: "external", summary: "RHBZ#1786761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1786761", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-19794", url: "https://www.cve.org/CVERecord?id=CVE-2019-19794", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-19794", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-19794", }, ], release_date: 
"2019-12-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-github-miekg-dns: predictable TXID can lead to response forgeries", }, { cve: "CVE-2020-15257", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2020-11-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1899487", }, ], notes: [ { 
category: "description", text: "A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation", title: "Vulnerability summary", }, { category: "other", text: "* The container runtime in OpenShift Container Platform 4 is cri-o which is not affected by this flaw. It doesn't make use of abstract unix sockets like containerd, which lead to this vulnerability being possible.\n\n* Red Hat Advanced Cluster Management for Kubernetes is not affected by this flaw. 
While containerd is included in the multicloud-operators-subscription image as a dependency of helm, it is not used in any way that exposes the abstract unix socket that is involved in this vulnerability.\n\n* The container-tools module in Red Hat Enterprise Linux is not affected by this flaw as these packages do not use abstract unix sockets for container management.\n\n* For Red Hat OpenStack Platform, because containerd is not actually used in director-operator, the RHOSP Impact has been moved to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-15257", }, { category: "external", summary: "RHBZ#1899487", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1899487", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-15257", url: "https://www.cve.org/CVERecord?id=CVE-2020-15257", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-15257", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-15257", }, ], release_date: "2020-11-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director 
Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation", }, { cve: "CVE-2021-29482", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-04-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1954368", }, ], notes: [ { category: "description", text: "A flaw was found in github.com/ulikunitz/xz. 
The function readUvarint may not terminate a loop what could lead to denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication, therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of the support, hence affected components are marked as wontfix. This may be fixed in the future.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-29482", }, { category: "external", summary: "RHBZ#1954368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-29482", url: "https://www.cve.org/CVERecord?id=CVE-2021-29482", }, { category: "external", 
summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", }, ], release_date: "2020-08-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", }, { acknowledgments: [ { names: [ "distros", ], organization: "distros", }, ], cve: "CVE-2021-32760", cwe: { id: "CWE-281", name: "Improper Preservation of Permissions", }, discovery_date: "2021-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", 
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1982681", }, ], notes: [ { category: "description", text: "A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.", title: "Vulnerability description", }, { category: "summary", text: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "RHBZ#1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: 
"https://www.cve.org/CVERecord?id=CVE-2021-32760", url: "https://www.cve.org/CVERecord?id=CVE-2021-32760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", }, ], release_date: "2021-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", }, ], }
RHSA-2023:5952
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat OpenShift Service Mesh 2.4 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\n* buildkit: Data disclosure in provenance attestation describing a build (CVE-2023-26054)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5952", url: "https://access.redhat.com/errata/RHSA-2023:5952", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", }, { category: "external", summary: "1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "2176447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176447", }, { category: "external", summary: "2242010", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242010", }, { category: "external", summary: "2243296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", }, { category: "external", summary: "OSSM-3771", url: "https://issues.redhat.com/browse/OSSM-3771", }, { category: "external", summary: "OSSM-4851", url: "https://issues.redhat.com/browse/OSSM-4851", }, { category: "external", summary: "OSSM-4873", url: "https://issues.redhat.com/browse/OSSM-4873", }, { category: "external", summary: "OSSM-4957", url: "https://issues.redhat.com/browse/OSSM-4957", }, { category: "external", summary: "OSSM-4963", url: "https://issues.redhat.com/browse/OSSM-4963", }, { category: "external", summary: "OSSM-5022", url: "https://issues.redhat.com/browse/OSSM-5022", }, { category: "self", summary: "Canonical URL", url: 
"https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5952.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh for 2.4.4 security update", tracking: { current_release_date: "2025-03-27T23:09:46+00:00", generator: { date: "2025-03-27T23:09:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2023:5952", initial_release_date: "2023-10-19T22:22:44+00:00", revision_history: [ { date: "2023-10-19T22:22:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-10-19T22:22:44+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-27T23:09:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.4 for RHEL 8", product: { name: "RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product: { name: 
"openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", 
product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: 
"openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product_identification_helper: { purl: 
"pkg:oci/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", 
product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product_id: 
"openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product: { name: 
"openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product: { name: 
"openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: 
"openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "amd64", }, { branches: 
[ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: 
"product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product_identification_helper: { purl: 
"pkg:oci/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product_identification_helper: { purl: 
"pkg:oci/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", 
}, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", }, product_reference: 
"openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", 
full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", }, product_reference: 
"openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: 
"openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", }, product_reference: 
"openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: 
"openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "distros", ], organization: "distros", }, ], cve: "CVE-2021-32760", cwe: { id: "CWE-281", name: "Improper Preservation of Permissions", }, discovery_date: "2021-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1982681", }, ], notes: [ { category: "description", text: "A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s 
filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.", title: "Vulnerability description", }, { category: "summary", text: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: 
"https://access.redhat.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "RHBZ#1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-32760", url: "https://www.cve.org/CVERecord?id=CVE-2021-32760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", }, ], release_date: "2021-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: 
"MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", 
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", }, { cve: "CVE-2023-26054", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2176447", }, ], notes: [ { category: "description", text: "A flaw was found in the moby buildkit. 
When a build is performed under specific conditions where credentials were passed to BuildKit, it may be visible to everyone with access to provenance attestation.", title: "Vulnerability description", }, { category: "summary", text: "buildkit: Data disclosure in provenance attestation describing a build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ 
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26054", }, { category: "external", summary: "RHBZ#2176447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176447", 
}, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26054", url: "https://www.cve.org/CVERecord?id=CVE-2023-26054", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26054", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26054", }, { category: "external", summary: "https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc", url: "https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc", }, ], release_date: "2023-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ 
], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, ], 
scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ 
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "buildkit: Data disclosure in provenance attestation describing a build", }, { cve: "CVE-2023-39325", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2243296", }, ], notes: [ { category: "description", text: "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. 
A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. 
These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ 
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39325", }, { category: "external", summary: "RHBZ#2243296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", }, { category: "external", summary: "RHSB-2023-003", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39325", url: 
"https://www.cve.org/CVERecord?id=CVE-2023-39325", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2023-44487", url: "https://access.redhat.com/security/cve/CVE-2023-44487", }, { category: "external", summary: "https://go.dev/issue/63417", url: "https://go.dev/issue/63417", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-2102", url: "https://pkg.go.dev/vuln/GO-2023-2102", }, { category: "external", summary: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, ], release_date: "2023-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", 
], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, { category: "workaround", details: "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", product_ids: [ ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", }, ], }
rhsa-2023:5952
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat OpenShift Service Mesh 2.4 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\n* buildkit: Data disclosure in provenance attestation describing a build (CVE-2023-26054)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:5952", url: "https://access.redhat.com/errata/RHSA-2023:5952", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", }, { category: "external", summary: "1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "2176447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176447", }, { category: "external", summary: "2242010", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242010", }, { category: "external", summary: "2243296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", }, { category: "external", summary: "OSSM-3771", url: "https://issues.redhat.com/browse/OSSM-3771", }, { category: "external", summary: "OSSM-4851", url: "https://issues.redhat.com/browse/OSSM-4851", }, { category: "external", summary: "OSSM-4873", url: "https://issues.redhat.com/browse/OSSM-4873", }, { category: "external", summary: "OSSM-4957", url: "https://issues.redhat.com/browse/OSSM-4957", }, { category: "external", summary: "OSSM-4963", url: "https://issues.redhat.com/browse/OSSM-4963", }, { category: "external", summary: "OSSM-5022", url: "https://issues.redhat.com/browse/OSSM-5022", }, { category: "self", summary: "Canonical URL", url: 
"https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5952.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh for 2.4.4 security update", tracking: { current_release_date: "2025-03-27T23:09:46+00:00", generator: { date: "2025-03-27T23:09:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2023:5952", initial_release_date: "2023-10-19T22:22:44+00:00", revision_history: [ { date: "2023-10-19T22:22:44+00:00", number: "1", summary: "Initial version", }, { date: "2023-10-19T22:22:44+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-27T23:09:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.4 for RHEL 8", product: { name: "RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.4::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product: { name: 
"openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", 
product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: 
"openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", product_identification_helper: { purl: 
"pkg:oci/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", 
product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product_id: 
"openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product: { name: 
"openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product: { name: 
"openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: 
"openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "amd64", }, { branches: 
[ { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.4.4-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.65.9-4", }, }, }, { category: 
"product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.65.9-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.4.4-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", product_identification_helper: { purl: 
"pkg:oci/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.4.4-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product_id: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8&tag=2.4.4-5", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", product_identification_helper: { purl: 
"pkg:oci/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.4.4-2", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", 
}, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", }, product_reference: 
"openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", 
full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", }, product_reference: 
"openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: 
"openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", }, product_reference: 
"openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: 
"openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le as a component of RHOSSM 2.4 for RHEL 8", product_id: 
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", relates_to_product_reference: "8Base-RHOSSM-2.4", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64 as a component of RHOSSM 2.4 for RHEL 8", product_id: "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", relates_to_product_reference: "8Base-RHOSSM-2.4", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "distros", ], organization: "distros", }, ], cve: "CVE-2021-32760", cwe: { id: "CWE-281", name: "Improper Preservation of Permissions", }, discovery_date: "2021-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1982681", }, ], notes: [ { category: "description", text: "A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s 
filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.", title: "Vulnerability description", }, { category: "summary", text: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: 
"https://access.redhat.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "RHBZ#1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-32760", url: "https://www.cve.org/CVERecord?id=CVE-2021-32760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", }, ], release_date: "2021-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: 
"MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", 
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", }, { cve: "CVE-2023-26054", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2176447", }, ], notes: [ { category: "description", text: "A flaw was found in the moby buildkit. 
When a build is performed under specific conditions where credentials were passed to BuildKit, it may be visible to everyone with access to provenance attestation.", title: "Vulnerability description", }, { category: "summary", text: "buildkit: Data disclosure in provenance attestation describing a build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [
], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26054", }, { category: "external", summary: "RHBZ#2176447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176447",
}, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26054", url: "https://www.cve.org/CVERecord?id=CVE-2023-26054", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26054", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26054", }, { category: "external", summary: "https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc", url: "https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc", }, ], release_date: "2023-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:16bd0b018e8963d4ae6d7de1a708957df32b3742c7f17332307d49e2a27c6f89_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:1748793c68ec25241a013f174ff8e23216f7423f0ec7c2993e0caf014645769e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:63ca6224c3093d46d11560f9da7fec7d678d6e8a7ceac1affdcca5c42ac515ae_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a38e77c4fed992fa7333cecb0da33c37eb258b733646b2126a74abf26fe05463_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:7aac4c38673741ca0bdc2ea79c04462ae58b1721f6b7cfbaf3105ebbbea01b70_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:a02b2316e1f1c5728602050222927845d909665050eb72d939ae23150e621f81_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:cc74f8b7aa9fefd2f01f8dbf5a7a5d40d1665d0e38981db034727ecca0546a4f_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:f0cedac077b6b8722c4dcc92d2fdbff1f4c7d39ed9726f8f5bd391702c5d8bf1_arm64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:25ae7e232a09401ec0a723d851ce18b9f2ec6c7483ee7752b3bf2ff282faf042_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:756587b46c3153f7c142a2b8d7652bc3904f907a2e3a2ea2ba3ed19a2e57c761_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:a88f990d3f7b9deecafb830a73e8a96ff4fd8fd3d3eda119eddc6fa73ee57716_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:bd5219b2280e0c26e25f270aea1194b6d22f34d9b003a8b31b2bb578be055411_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:0ebfeced4b015fd7fbf8f22fe011f65045a37d8931ddd9a7a5edf9c1bc07b9eb_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:1a91f1785414e7adb5ce7056eb0767c0fea4e8c3f266bb4d126987fe6d69f1db_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:2065d9d04eed3ec4bb67557692adc02250d6a66a04478562883932204036e603_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:58d727f8226552a988b037709731aa05f72781bd2a025cf6f777dc0c9151e06e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:011b879576fe0f0fc3d8dd9eb8b0748ba2b6f938b487fc91c3b594ea0a8d13d6_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:2dcb1f61e124e769bc4088be99a9b2609706004869e7532d0b7f69a967294f9a_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:d905ae2fb3756f342317e62c195a07ed84bd02b39e75971b3de3ecdad18e017a_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:efe543762053890aa8b627ba4dafb6a3820b8fd6e8a2bb0cc76b8997035ae4d9_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:11d69d75236df90918ba030d00806939c4b2d6998a8d6d73d71d764042e01358_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:9faf9a44ab318f14fa2dab4994112a0df657affa80ce40499c35a88b596a44b6_s390x", 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c77aec7474d57257b6f75007f9411dcee4e6d4f90149b1625fab2601ea5a5924_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:d7c9c06e7a10026c991c58e3e69de0707315493c988a563af0ca1808eff8443b_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:42ee3b2fcfca713d836e3ca977acbf4c9cddde15095b21d173bacc9445b1a0ea_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:6554054dd70a3f7720c08aa9d9a9fd537b9c2034fa4faa3259ecc6f93e88a6e7_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:69015bb4efdbbc25ce6561370ee19e48e96fbb70ce89ff98c3bb975c0d0c694c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c3dc9de0e2466b0566bf7ebe2c5a5d79740655e64334fbd3b4677da9e8b6569b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:1fce71e399a6c093adc2348f1ce4c63daf64bc8485abaafd77b17baad9955417_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:715ee6670f7207604e5f57aecbf44876eba91cf0fbbf32407351619e571a76e4_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:77158dcbccb29a6dea421a3b04b21d80608d5ed4d8fa9aba92d58c74665f9d3e_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e106aea760895aa81cf7edf938e3fa5a4d6d3e5fb8e9ea6b914ab93418d34edf_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:386e891ab42fc79ba33fb1d57afccfc18067d17432a53ec8634c820723fa9035_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6116d28cc0ea50c28250d15f10424227be7d69ab145cc0361c5dd9f14fe5f928_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:6f0cc71a345c7199f87e6aa68682d98acd2d59707d2f329cd51ecaef7a76be9e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:acc92c8fc81149f2cd8ae95cb3cfaf8d6fe180cf5e28430524742580d48b3d42_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, ], 
scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [
], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "buildkit: Data disclosure in provenance attestation describing a build", }, { cve: "CVE-2023-39325", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2243296", }, ], notes: [ { category: "description", text: "A flaw was found in handling multiplexed streams in the HTTP/2 protocol.
A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. 
These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39325", }, { category: "external", summary: "RHBZ#2243296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", }, { category: "external", summary: "RHSB-2023-003", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39325", url: 
"https://www.cve.org/CVERecord?id=CVE-2023-39325", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2023-44487", url: "https://access.redhat.com/security/cve/CVE-2023-44487", }, { category: "external", summary: "https://go.dev/issue/63417", url: "https://go.dev/issue/63417", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-2102", url: "https://pkg.go.dev/vuln/GO-2023-2102", }, { category: "external", summary: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, ], release_date: "2023-10-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-10-19T22:22:44+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:5952", }, 
{ category: "workaround", details: "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", product_ids: [ ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", }, ], }
RHSA-2022:2183
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenStack Platform 16.2 (Train) director Operator containers are\navailable for technology preview.", title: "Topic", }, { category: "general", text: "Release osp-director-operator images\n\nSecurity Fix(es):\n\n* golang: kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote (CVE-2019-11253)\n* golang: golang-github-miekg-dns: predictable TXID can lead to response forgeries (CVE-2019-19794)\n* golang: containerd: unrestricted access to abstract Unix domain socket can lead to privileges (CVE-2020-15257)\n* golang: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n* golang: containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:2183", url: "https://access.redhat.com/errata/RHSA-2022:2183", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1757701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1757701", }, { category: "external", summary: "1786761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1786761", }, { category: "external", summary: "1899487", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1899487", }, { category: "external", summary: "1954368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", }, { category: "external", summary: "1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: "2079447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2183.json", }, ], title: "Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview", tracking: { current_release_date: "2025-03-27T23:05:10+00:00", generator: { date: "2025-03-27T23:05:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:2183", initial_release_date: "2022-05-11T11:33:14+00:00", revision_history: [ { date: "2022-05-11T11:33:14+00:00", number: "1", summary: "Initial version", }, { date: "2022-05-11T11:33:14+00:00", number: "2", 
summary: "Last updated version", }, { date: "2025-03-27T23:05:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenStack Platform 16.2", product: { name: "Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:16.2::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenStack Platform", }, { branches: [ { category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-downloader&tag=1.2.3-2", }, }, }, { category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-operator-bundle&tag=1.2.3-3", }, }, }, 
{ category: "product_version", name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product: { name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product_id: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", product_identification_helper: { purl: "pkg:oci/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56?arch=amd64&repository_url=registry.redhat.io/rhosp-rhel8-tech-preview/osp-director-operator&tag=1.2.3-2", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", relates_to_product_reference: "8Base-RHOS-16.2", }, { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", 
relates_to_product_reference: "8Base-RHOS-16.2", }, { category: "default_component_of", full_product_name: { name: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64 as a component of Red Hat OpenStack Platform 16.2", product_id: "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", }, product_reference: "rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", relates_to_product_reference: "8Base-RHOS-16.2", }, ], }, vulnerabilities: [ { cve: "CVE-2019-11253", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2019-10-01T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1757701", }, ], notes: [ { category: "description", text: "A flaw was found in kubernetes. The parsing of YAML manifests by the Kubernetes API server could lead to a denial-of-service attack leaving it vulnerable to an instance of a \"billion laughs\" attack. 
The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service", title: "Vulnerability summary", }, { category: "other", text: "For Red Hat OpenStack Platform, because kubernetes is not directly used in director-operator, the RHOSP Impact has been moved to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-11253", }, { category: "external", summary: "RHBZ#1757701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1757701", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-11253", url: "https://www.cve.org/CVERecord?id=CVE-2019-11253", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-11253", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-11253", }, { category: "external", summary: "https://www.stackrox.com/post/2019/09/protecting-kubernetes-api-against-cve-2019-11253-billion-laughs-attack/", url: 
"https://www.stackrox.com/post/2019/09/protecting-kubernetes-api-against-cve-2019-11253-billion-laughs-attack/", }, ], release_date: "2019-09-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: YAML parsing vulnerable to \"Billion Laughs\" attack, allowing for remote denial of service", }, { cve: "CVE-2019-19794", cwe: { id: "CWE-338", name: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", }, discovery_date: "2019-12-27T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", 
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1786761", }, ], notes: [ { category: "description", text: "The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.", title: "Vulnerability description", }, { category: "summary", text: "golang-github-miekg-dns: predictable TXID can lead to response forgeries", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-19794", }, { category: "external", summary: "RHBZ#1786761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1786761", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-19794", url: "https://www.cve.org/CVERecord?id=CVE-2019-19794", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-19794", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-19794", }, ], release_date: 
"2019-12-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-github-miekg-dns: predictable TXID can lead to response forgeries", }, { cve: "CVE-2020-15257", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, discovery_date: "2020-11-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1899487", }, ], notes: [ { 
category: "description", text: "A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation", title: "Vulnerability summary", }, { category: "other", text: "* The container runtime in OpenShift Container Platform 4 is cri-o which is not affected by this flaw. It doesn't make use of abstract unix sockets like containerd, which lead to this vulnerability being possible.\n\n* Red Hat Advanced Cluster Management for Kubernetes is not affected by this flaw. 
While containerd is included in the multicloud-operators-subscription image as a dependency of helm, it is not used in any way that exposes the abstract unix socket that is involved in this vulnerability.\n\n* The container-tools module in Red Hat Enterprise Linux is not affected by this flaw as these packages do not use abstract unix sockets for container management.\n\n* For Red Hat OpenStack Platform, because containerd is not actually used in director-operator, the RHOSP Impact has been moved to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-15257", }, { category: "external", summary: "RHBZ#1899487", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1899487", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-15257", url: "https://www.cve.org/CVERecord?id=CVE-2020-15257", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-15257", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-15257", }, ], release_date: "2020-11-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director 
Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation", }, { cve: "CVE-2021-29482", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-04-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1954368", }, ], notes: [ { category: "description", text: "A flaw was found in github.com/ulikunitz/xz. 
The function readUvarint may not terminate a loop what could lead to denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication, therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of the support, hence affected components are marked as wontfix. This may be fixed in the future.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-29482", }, { category: "external", summary: "RHBZ#1954368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-29482", url: "https://www.cve.org/CVERecord?id=CVE-2021-29482", }, { category: "external", 
summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", }, ], release_date: "2020-08-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", }, { acknowledgments: [ { names: [ "distros", ], organization: "distros", }, ], cve: "CVE-2021-32760", cwe: { id: "CWE-281", name: "Improper Preservation of Permissions", }, discovery_date: "2021-07-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", 
"8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1982681", }, ], notes: [ { category: "description", text: "A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.", title: "Vulnerability description", }, { category: "summary", text: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], known_not_affected: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "RHBZ#1982681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1982681", }, { category: "external", summary: 
"https://www.cve.org/CVERecord?id=CVE-2021-32760", url: "https://www.cve.org/CVERecord?id=CVE-2021-32760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", }, ], release_date: "2021-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-05-11T11:33:14+00:00", details: "OSP 16.2 Release - OSP Director Operator Containers tech preview", product_ids: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:2183", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-downloader@sha256:d3915d621da43f74f177a3dd416fb89e3bb66dd58d2d915243fcf6102ffc9fdb_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:dcf25f95c2a758e097d1e344d6f46b43b6050b6f4a70587eacee34430823595d_amd64", "8Base-RHOS-16.2:rhosp-rhel8-tech-preview/osp-director-operator@sha256:95957e8ab5c45d5bcf35f8c59d5748e3ed8d5ab2db0d46fce46b376217e23d56_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containerd: pulling and extracting crafted container image may result in Unix file permission changes", }, ], }
opensuse-su-2024:11619-1
Vulnerability from csaf_opensuse
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "trivy-0.20.2-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the trivy-0.20.2-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11619", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11619-1.json", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, ], title: "trivy-0.20.2-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11619-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "trivy-0.20.2-1.1.aarch64", product: { name: 
"trivy-0.20.2-1.1.aarch64", product_id: "trivy-0.20.2-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "trivy-0.20.2-1.1.ppc64le", product: { name: "trivy-0.20.2-1.1.ppc64le", product_id: "trivy-0.20.2-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "trivy-0.20.2-1.1.s390x", product: { name: "trivy-0.20.2-1.1.s390x", product_id: "trivy-0.20.2-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "trivy-0.20.2-1.1.x86_64", product: { name: "trivy-0.20.2-1.1.x86_64", product_id: "trivy-0.20.2-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "trivy-0.20.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.20.2-1.1.aarch64", }, product_reference: "trivy-0.20.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "trivy-0.20.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.20.2-1.1.ppc64le", }, product_reference: "trivy-0.20.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "trivy-0.20.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.20.2-1.1.s390x", }, product_reference: "trivy-0.20.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { 
category: "default_component_of", full_product_name: { name: "trivy-0.20.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.20.2-1.1.x86_64", }, product_reference: "trivy-0.20.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. 
Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:trivy-0.20.2-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.20.2-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.20.2-1.1.s390x", "openSUSE Tumbleweed:trivy-0.20.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:trivy-0.20.2-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.20.2-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.20.2-1.1.s390x", "openSUSE Tumbleweed:trivy-0.20.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:trivy-0.20.2-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.20.2-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.20.2-1.1.s390x", "openSUSE Tumbleweed:trivy-0.20.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2021-32760", }, ], }
opensuse-su-2021:2412-1
Vulnerability from csaf_opensuse
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd", title: "Title of the patch", }, { category: "description", text: "This update for containerd fixes the following issues:\n\n- CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282)\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-SLE-15.3-2021-2412", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2412-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:2412-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOVJMTDKAFMTONFNVO7Z327OFE52V7FK/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:2412-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOVJMTDKAFMTONFNVO7Z327OFE52V7FK/", }, { category: "self", summary: "SUSE Bug 1188282", url: "https://bugzilla.suse.com/1188282", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, 
], title: "Security update for containerd", tracking: { current_release_date: "2021-07-20T13:25:45Z", generator: { date: "2021-07-20T13:25:45Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:2412-1", initial_release_date: "2021-07-20T13:25:45Z", revision_history: [ { date: "2021-07-20T13:25:45Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.aarch64", product: { name: "containerd-1.4.4-5.36.1.aarch64", product_id: "containerd-1.4.4-5.36.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-5.36.1.aarch64", product: { name: "containerd-ctr-1.4.4-5.36.1.aarch64", product_id: "containerd-ctr-1.4.4-5.36.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.ppc64le", product: { name: "containerd-1.4.4-5.36.1.ppc64le", product_id: "containerd-1.4.4-5.36.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-5.36.1.ppc64le", product: { name: "containerd-ctr-1.4.4-5.36.1.ppc64le", product_id: "containerd-ctr-1.4.4-5.36.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.s390x", product: { name: "containerd-1.4.4-5.36.1.s390x", product_id: "containerd-1.4.4-5.36.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-5.36.1.s390x", product: { name: "containerd-ctr-1.4.4-5.36.1.s390x", product_id: "containerd-ctr-1.4.4-5.36.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.x86_64", product: { name: "containerd-1.4.4-5.36.1.x86_64", product_id: "containerd-1.4.4-5.36.1.x86_64", }, }, { category: "product_version", name: 
"containerd-ctr-1.4.4-5.36.1.x86_64", product: { name: "containerd-ctr-1.4.4-5.36.1.x86_64", product_id: "containerd-ctr-1.4.4-5.36.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.aarch64", }, product_reference: "containerd-1.4.4-5.36.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.ppc64le", }, product_reference: "containerd-1.4.4-5.36.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.s390x", }, product_reference: "containerd-1.4.4-5.36.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.x86_64", }, product_reference: "containerd-1.4.4-5.36.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.4-5.36.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.aarch64", }, 
product_reference: "containerd-ctr-1.4.4-5.36.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.4-5.36.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.ppc64le", }, product_reference: "containerd-ctr-1.4.4-5.36.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.4-5.36.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.s390x", }, product_reference: "containerd-ctr-1.4.4-5.36.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.4-5.36.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.x86_64", }, product_reference: "containerd-ctr-1.4.4-5.36.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. 
Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.s390x", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.s390x", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.s390x", "openSUSE Leap 15.3:containerd-1.4.4-5.36.1.x86_64", "openSUSE Leap 
15.3:containerd-ctr-1.4.4-5.36.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.4-5.36.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-20T13:25:45Z", details: "low", }, ], title: "CVE-2021-32760", }, ], }
opensuse-su-2024:10693-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "containerd-1.4.8-2.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the containerd-1.4.8-2.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10693", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10693-1.json", }, { category: "self", summary: "SUSE CVE CVE-2016-9962 page", url: "https://www.suse.com/security/cve/CVE-2016-9962/", }, { category: "self", summary: "SUSE CVE CVE-2018-16873 page", url: "https://www.suse.com/security/cve/CVE-2018-16873/", }, { category: "self", summary: "SUSE CVE CVE-2018-16874 page", url: "https://www.suse.com/security/cve/CVE-2018-16874/", }, { category: "self", summary: "SUSE CVE CVE-2018-16875 page", url: "https://www.suse.com/security/cve/CVE-2018-16875/", }, { category: "self", summary: "SUSE CVE CVE-2019-5736 page", url: "https://www.suse.com/security/cve/CVE-2019-5736/", }, { category: "self", summary: "SUSE CVE CVE-2020-15157 page", url: 
"https://www.suse.com/security/cve/CVE-2020-15157/", }, { category: "self", summary: "SUSE CVE CVE-2020-15257 page", url: "https://www.suse.com/security/cve/CVE-2020-15257/", }, { category: "self", summary: "SUSE CVE CVE-2021-21334 page", url: "https://www.suse.com/security/cve/CVE-2021-21334/", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, ], title: "containerd-1.4.8-2.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10693-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.8-2.2.aarch64", product: { name: "containerd-1.4.8-2.2.aarch64", product_id: "containerd-1.4.8-2.2.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.8-2.2.aarch64", product: { name: "containerd-ctr-1.4.8-2.2.aarch64", product_id: "containerd-ctr-1.4.8-2.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.8-2.2.ppc64le", product: { name: "containerd-1.4.8-2.2.ppc64le", product_id: "containerd-1.4.8-2.2.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.8-2.2.ppc64le", product: { name: "containerd-ctr-1.4.8-2.2.ppc64le", product_id: "containerd-ctr-1.4.8-2.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.8-2.2.s390x", product: { name: "containerd-1.4.8-2.2.s390x", product_id: "containerd-1.4.8-2.2.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.8-2.2.s390x", product: { name: 
"containerd-ctr-1.4.8-2.2.s390x", product_id: "containerd-ctr-1.4.8-2.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.8-2.2.x86_64", product: { name: "containerd-1.4.8-2.2.x86_64", product_id: "containerd-1.4.8-2.2.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.8-2.2.x86_64", product: { name: "containerd-ctr-1.4.8-2.2.x86_64", product_id: "containerd-ctr-1.4.8-2.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.8-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", }, product_reference: "containerd-1.4.8-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.8-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", }, product_reference: "containerd-1.4.8-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.8-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", }, product_reference: "containerd-1.4.8-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.8-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", }, 
product_reference: "containerd-1.4.8-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.8-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", }, product_reference: "containerd-ctr-1.4.8-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.8-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", }, product_reference: "containerd-ctr-1.4.8-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.8-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", }, product_reference: "containerd-ctr-1.4.8-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.8-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", }, product_reference: "containerd-ctr-1.4.8-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2016-9962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9962", }, ], notes: [ { category: "general", text: "RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. 
This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9962", url: "https://www.suse.com/security/cve/CVE-2016-9962", }, { category: "external", summary: "SUSE Bug 1012568 for CVE-2016-9962", url: "https://bugzilla.suse.com/1012568", }, { category: "external", summary: "SUSE Bug 1173425 for CVE-2016-9962", url: "https://bugzilla.suse.com/1173425", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE 
Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-9962", }, { cve: "CVE-2018-16873", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16873", }, ], notes: [ { category: "general", text: "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. 
That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16873", url: "https://www.suse.com/security/cve/CVE-2018-16873", }, { category: "external", summary: "SUSE Bug 1118897 for CVE-2018-16873", url: "https://bugzilla.suse.com/1118897", }, { category: "external", summary: "SUSE Bug 1118898 for CVE-2018-16873", url: "https://bugzilla.suse.com/1118898", }, { category: "external", summary: "SUSE Bug 1118899 for CVE-2018-16873", url: "https://bugzilla.suse.com/1118899", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE 
Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-16873", }, { cve: "CVE-2018-16874", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16874", }, ], notes: [ { category: "general", text: "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). 
The attacker can cause an arbitrary filesystem write, which can lead to code execution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16874", url: "https://www.suse.com/security/cve/CVE-2018-16874", }, { category: "external", summary: "SUSE Bug 1118897 for CVE-2018-16874", url: "https://bugzilla.suse.com/1118897", }, { category: "external", summary: "SUSE Bug 1118898 for CVE-2018-16874", url: "https://bugzilla.suse.com/1118898", }, { category: "external", summary: "SUSE Bug 1118899 for CVE-2018-16874", url: "https://bugzilla.suse.com/1118899", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE 
Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16874", }, { cve: "CVE-2018-16875", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16875", }, ], notes: [ { category: "general", text: "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16875", url: "https://www.suse.com/security/cve/CVE-2018-16875", }, { category: "external", summary: "SUSE Bug 1118897 for CVE-2018-16875", url: "https://bugzilla.suse.com/1118897", }, { category: "external", summary: "SUSE Bug 1118898 for CVE-2018-16875", url: "https://bugzilla.suse.com/1118898", }, { category: "external", summary: "SUSE Bug 1118899 for CVE-2018-16875", url: "https://bugzilla.suse.com/1118899", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE 
recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16875", }, { cve: "CVE-2019-5736", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5736", }, ], notes: [ { category: "general", text: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. 
This occurs because of file-descriptor mishandling, related to /proc/self/exe.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5736", url: "https://www.suse.com/security/cve/CVE-2019-5736", }, { category: "external", summary: "SUSE Bug 1121967 for CVE-2019-5736", url: "https://bugzilla.suse.com/1121967", }, { category: "external", summary: "SUSE Bug 1122185 for CVE-2019-5736", url: "https://bugzilla.suse.com/1122185", }, { category: "external", summary: "SUSE Bug 1173421 for CVE-2019-5736", url: "https://bugzilla.suse.com/1173421", }, { category: "external", summary: "SUSE Bug 1218894 for CVE-2019-5736", url: "https://bugzilla.suse.com/1218894", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE 
Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-5736", }, { cve: "CVE-2020-15157", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15157", }, ], notes: [ { category: "general", text: "In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a \"foreign layer\"), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. 
This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15157", url: "https://www.suse.com/security/cve/CVE-2020-15157", }, { category: "external", summary: "SUSE Bug 1177598 for CVE-2020-15157", url: "https://bugzilla.suse.com/1177598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", 
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-15157", }, { cve: "CVE-2020-15257", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15257", }, ], notes: [ { category: "general", text: "containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. 
If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15257", url: "https://www.suse.com/security/cve/CVE-2020-15257", }, { category: "external", summary: "SUSE Bug 1178969 for CVE-2020-15257", url: "https://bugzilla.suse.com/1178969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, 
baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-15257", }, { cve: "CVE-2021-21334", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-21334", }, ], notes: [ { category: "general", text: "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. 
Users should update to these versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-21334", url: "https://www.suse.com/security/cve/CVE-2021-21334", }, { category: "external", summary: "SUSE Bug 1183397 for CVE-2021-21334", url: "https://bugzilla.suse.com/1183397", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", 
], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-21334", }, { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE 
recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2021-32760", }, ], }
opensuse-su-2021:1081-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd", title: "Title of the patch", }, { category: "description", text: "This update for containerd fixes the following issues:\n\n- CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-1081", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1081-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:1081-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JOFB4OTX7BGTKOBQF2ZTPBP4VJT54IQS/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:1081-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JOFB4OTX7BGTKOBQF2ZTPBP4VJT54IQS/", }, { category: "self", summary: "SUSE Bug 1188282", url: "https://bugzilla.suse.com/1188282", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", 
url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, ], title: "Security update for containerd", tracking: { current_release_date: "2021-07-23T18:06:07Z", generator: { date: "2021-07-23T18:06:07Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:1081-1", initial_release_date: "2021-07-23T18:06:07Z", revision_history: [ { date: "2021-07-23T18:06:07Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.4-lp152.2.9.1.x86_64", product: { name: "containerd-1.4.4-lp152.2.9.1.x86_64", product_id: "containerd-1.4.4-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-lp152.2.9.1.x86_64", product: { name: "containerd-ctr-1.4.4-lp152.2.9.1.x86_64", product_id: "containerd-ctr-1.4.4-lp152.2.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:containerd-1.4.4-lp152.2.9.1.x86_64", }, product_reference: "containerd-1.4.4-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.4-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.9.1.x86_64", }, product_reference: "containerd-ctr-1.4.4-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, 
vulnerabilities: [ { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:containerd-1.4.4-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:containerd-1.4.4-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 
15.2:containerd-1.4.4-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.4-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-23T18:06:07Z", details: "low", }, ], title: "CVE-2021-32760", }, ], }
opensuse-su-2021:3506-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd, docker, runc", title: "Title of the patch", }, { category: "description", text: "This update for containerd, docker, runc fixes the following issues:\n\nDocker was updated to 20.10.9-ce. (bsc#1191355)\n\nSee upstream changelog in the packaged\n /usr/share/doc/packages/docker/CHANGELOG.md. \n\n CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103\n\ncontainer was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355\n\n- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)\n\n- Install systemd service file as well (bsc#1190826)\n\nUpdate to runc v1.0.2. Upstream changelog is available from\n\n https://github.com/opencontainers/runc/releases/tag/v1.0.2\n\n* Fixed a failure to set CPU quota period in some cases on cgroup v1.\n* Fixed the inability to start a container with the 'adding seccomp filter\n rule for syscall ...' error, caused by redundant seccomp rules (i.e. those\n that has action equal to the default one). Such redundant rules are now\n skipped.\n* Made release builds reproducible from now on.\n* Fixed a rare debug log race in runc init, which can result in occasional\n harmful 'failed to decode ...' errors from runc run or exec.\n* Fixed the check in cgroup v1 systemd manager if a container needs to be\n frozen before Set, and add a setting to skip such freeze unconditionally.\n The previous fix for that issue, done in runc 1.0.1, was not working.\n\nUpdate to runc v1.0.1. 
Upstream changelog is available from\n\nhttps://github.com/opencontainers/runc/releases/tag/v1.0.1\n\n* Fixed occasional runc exec/run failure ('interrupted system call') on an\n Azure volume.\n* Fixed 'unable to find groups ... token too long' error with /etc/group\n containing lines longer than 64K characters.\n* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is\n frozen. This is a regression in 1.0.0, not affecting runc itself but some\n of libcontainer users (e.g Kubernetes).\n* cgroupv2: bpf: Ignore inaccessible existing programs in case of\n permission error when handling replacement of existing bpf cgroup\n programs. This fixes a regression in 1.0.0, where some SELinux\n policies would block runc from being able to run entirely.\n* cgroup/systemd/v2: don't freeze cgroup on Set.\n* cgroup/systemd/v1: avoid unnecessary freeze on Set.\n- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704\n\nUpdate to runc v1.0.0. Upstream changelog is available from\n\nhttps://github.com/opencontainers/runc/releases/tag/v1.0.0\n\n! 
The usage of relative paths for mountpoints will now produce a warning\n (such configurations are outside of the spec, and in future runc will\n produce an error when given such configurations).\n* cgroupv2: devices: rework the filter generation to produce consistent\n results with cgroupv1, and always clobber any existing eBPF\n program(s) to fix runc update and avoid leaking eBPF programs\n (resulting in errors when managing containers).\n* cgroupv2: correctly convert 'number of IOs' statistics in a\n cgroupv1-compatible way.\n* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.\n* cgroupv2: wait for freeze to finish before returning from the freezing\n code, optimize the method for checking whether a cgroup is frozen.\n* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94\n* cgroups/systemd: fixed returning 'unit already exists' error from a systemd\n cgroup manager (regression in rc94)\n+ cgroupv2: support SkipDevices with systemd driver\n+ cgroup/systemd: return, not ignore, stop unit error from Destroy\n+ Make 'runc --version' output sane even when built with go get or\n otherwise outside of our build scripts.\n+ cgroups: set SkipDevices during runc update (so we don't modify\n cgroups at all during runc update).\n+ cgroup1: blkio: support BFQ weights.\n+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.\n\nUpdate to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95\n\nThis release of runc contains a fix for CVE-2021-30465, and users are\nstrongly recommended to update (especially if you are providing\nsemi-limited access to spawn containers to untrusted users). (bsc#1185405)\n\nUpdate to runc v1.0.0~rc94. 
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94\n\nBreaking Changes:\n* cgroupv1: kernel memory limits are now always ignored, as kmemcg has\n been effectively deprecated by the kernel. Users should make use of regular\n memory cgroup controls.\n\nRegression Fixes:\n\n* seccomp: fix 32-bit compilation errors\n* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code\n* runc start: fix 'chdir to cwd: permission denied' for some setups\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-SLE-15.3-2021-3506", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3506-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:3506-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NP4XGHFKECRFSI6UYXER53KXVGP66EHQ/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:3506-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NP4XGHFKECRFSI6UYXER53KXVGP66EHQ/", }, { category: "self", summary: "SUSE Bug 1102408", url: "https://bugzilla.suse.com/1102408", }, { category: "self", summary: "SUSE Bug 1185405", url: "https://bugzilla.suse.com/1185405", }, { category: "self", summary: "SUSE Bug 1187704", url: "https://bugzilla.suse.com/1187704", }, { category: "self", summary: "SUSE Bug 1188282", url: 
"https://bugzilla.suse.com/1188282", }, { category: "self", summary: "SUSE Bug 1190826", url: "https://bugzilla.suse.com/1190826", }, { category: "self", summary: "SUSE Bug 1191015", url: "https://bugzilla.suse.com/1191015", }, { category: "self", summary: "SUSE Bug 1191121", url: "https://bugzilla.suse.com/1191121", }, { category: "self", summary: "SUSE Bug 1191334", url: "https://bugzilla.suse.com/1191334", }, { category: "self", summary: "SUSE Bug 1191355", url: "https://bugzilla.suse.com/1191355", }, { category: "self", summary: "SUSE Bug 1191434", url: "https://bugzilla.suse.com/1191434", }, { category: "self", summary: "SUSE CVE CVE-2021-30465 page", url: "https://www.suse.com/security/cve/CVE-2021-30465/", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, { category: "self", summary: "SUSE CVE CVE-2021-41089 page", url: "https://www.suse.com/security/cve/CVE-2021-41089/", }, { category: "self", summary: "SUSE CVE CVE-2021-41091 page", url: "https://www.suse.com/security/cve/CVE-2021-41091/", }, { category: "self", summary: "SUSE CVE CVE-2021-41092 page", url: "https://www.suse.com/security/cve/CVE-2021-41092/", }, { category: "self", summary: "SUSE CVE CVE-2021-41103 page", url: "https://www.suse.com/security/cve/CVE-2021-41103/", }, ], title: "Security update for containerd, docker, runc", tracking: { current_release_date: "2021-10-25T08:20:48Z", generator: { date: "2021-10-25T08:20:48Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:3506-1", initial_release_date: "2021-10-25T08:20:48Z", revision_history: [ { date: "2021-10-25T08:20:48Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.11-56.1.aarch64", product: { name: "containerd-1.4.11-56.1.aarch64", product_id: 
"containerd-1.4.11-56.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.aarch64", product: { name: "containerd-ctr-1.4.11-56.1.aarch64", product_id: "containerd-ctr-1.4.11-56.1.aarch64", }, }, { category: "product_version", name: "docker-20.10.9_ce-156.1.aarch64", product: { name: "docker-20.10.9_ce-156.1.aarch64", product_id: "docker-20.10.9_ce-156.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-156.1.aarch64", product: { name: "docker-kubic-20.10.9_ce-156.1.aarch64", product_id: "docker-kubic-20.10.9_ce-156.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", }, }, { category: "product_version", name: "runc-1.0.2-23.1.aarch64", product: { name: "runc-1.0.2-23.1.aarch64", product_id: "runc-1.0.2-23.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "docker-bash-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch", product_id: "docker-bash-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-fish-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-fish-completion-20.10.9_ce-156.1.noarch", product_id: "docker-fish-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", product_id: "docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", product_id: "docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", }, }, { category: 
"product_version", name: "docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", product_id: "docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-zsh-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-zsh-completion-20.10.9_ce-156.1.noarch", product_id: "docker-zsh-completion-20.10.9_ce-156.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-56.1.ppc64le", product: { name: "containerd-1.4.11-56.1.ppc64le", product_id: "containerd-1.4.11-56.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.ppc64le", product: { name: "containerd-ctr-1.4.11-56.1.ppc64le", product_id: "containerd-ctr-1.4.11-56.1.ppc64le", }, }, { category: "product_version", name: "docker-20.10.9_ce-156.1.ppc64le", product: { name: "docker-20.10.9_ce-156.1.ppc64le", product_id: "docker-20.10.9_ce-156.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-156.1.ppc64le", product: { name: "docker-kubic-20.10.9_ce-156.1.ppc64le", product_id: "docker-kubic-20.10.9_ce-156.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", }, }, { category: "product_version", name: "runc-1.0.2-23.1.ppc64le", product: { name: "runc-1.0.2-23.1.ppc64le", product_id: "runc-1.0.2-23.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-56.1.s390x", product: { name: "containerd-1.4.11-56.1.s390x", product_id: "containerd-1.4.11-56.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.s390x", product: { name: "containerd-ctr-1.4.11-56.1.s390x", 
product_id: "containerd-ctr-1.4.11-56.1.s390x", }, }, { category: "product_version", name: "docker-20.10.9_ce-156.1.s390x", product: { name: "docker-20.10.9_ce-156.1.s390x", product_id: "docker-20.10.9_ce-156.1.s390x", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-156.1.s390x", product: { name: "docker-kubic-20.10.9_ce-156.1.s390x", product_id: "docker-kubic-20.10.9_ce-156.1.s390x", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", }, }, { category: "product_version", name: "runc-1.0.2-23.1.s390x", product: { name: "runc-1.0.2-23.1.s390x", product_id: "runc-1.0.2-23.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-56.1.x86_64", product: { name: "containerd-1.4.11-56.1.x86_64", product_id: "containerd-1.4.11-56.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.x86_64", product: { name: "containerd-ctr-1.4.11-56.1.x86_64", product_id: "containerd-ctr-1.4.11-56.1.x86_64", }, }, { category: "product_version", name: "docker-20.10.9_ce-156.1.x86_64", product: { name: "docker-20.10.9_ce-156.1.x86_64", product_id: "docker-20.10.9_ce-156.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-156.1.x86_64", product: { name: "docker-kubic-20.10.9_ce-156.1.x86_64", product_id: "docker-kubic-20.10.9_ce-156.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", }, }, { category: "product_version", name: "runc-1.0.2-23.1.x86_64", product: { name: "runc-1.0.2-23.1.x86_64", product_id: "runc-1.0.2-23.1.x86_64", }, }, ], category: 
"architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", }, product_reference: "containerd-1.4.11-56.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", }, product_reference: "containerd-1.4.11-56.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.11-56.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", }, product_reference: "containerd-ctr-1.4.11-56.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: 
"containerd-ctr-1.4.11-56.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", }, product_reference: "containerd-ctr-1.4.11-56.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.11-56.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", }, product_reference: "containerd-ctr-1.4.11-56.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.11-56.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", }, product_reference: "containerd-ctr-1.4.11-56.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", }, product_reference: "docker-20.10.9_ce-156.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 
15.3:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-fish-completion-20.10.9_ce-156.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-fish-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.9_ce-156.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-kubic-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.9_ce-156.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-kubic-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.9_ce-156.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", }, product_reference: "docker-kubic-20.10.9_ce-156.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.9_ce-156.1.x86_64 as component of openSUSE Leap 15.3", product_id: 
"openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-kubic-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-bash-completion-20.10.9_ce-156.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-fish-completion-20.10.9_ce-156.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", }, product_reference: 
"docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-zsh-completion-20.10.9_ce-156.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-zsh-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", }, product_reference: "runc-1.0.2-23.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", }, product_reference: 
"runc-1.0.2-23.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-30465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30465", }, ], notes: [ { category: "general", text: "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 
15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30465", url: "https://www.suse.com/security/cve/CVE-2021-30465", }, { category: "external", summary: "SUSE Bug 1185405 for CVE-2021-30465", url: "https://bugzilla.suse.com/1185405", }, { category: "external", summary: "SUSE Bug 1189161 for CVE-2021-30465", url: "https://bugzilla.suse.com/1189161", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 
15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 
15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:48Z", details: "important", }, ], title: "CVE-2021-30465", }, { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. 
This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 
15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 
15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 
15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:48Z", details: "low", }, ], title: "CVE-2021-32760", }, { cve: "CVE-2021-41089", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41089", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. 
Running containers do not need to be restarted.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41089", url: 
"https://www.suse.com/security/cve/CVE-2021-41089", }, { category: "external", summary: "SUSE Bug 1191015 for CVE-2021-41089", url: "https://bugzilla.suse.com/1191015", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41089", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 
15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.6, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 
15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:48Z", details: "moderate", }, ], title: "CVE-2021-41089", }, { cve: "CVE-2021-41091", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41091", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. 
Limit access to host volumes to trusted containers.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41091", url: 
"https://www.suse.com/security/cve/CVE-2021-41091", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41091", url: "https://bugzilla.suse.com/1191355", }, { category: "external", summary: "SUSE Bug 1191434 for CVE-2021-41091", url: "https://bugzilla.suse.com/1191434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 
15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 
15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:48Z", details: "moderate", }, ], title: "CVE-2021-41091", }, { cve: "CVE-2021-41092", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41092", }, ], notes: [ { category: "general", text: "Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. 
For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 
15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41092", url: "https://www.suse.com/security/cve/CVE-2021-41092", }, { category: "external", summary: "SUSE Bug 1191334 for CVE-2021-41092", url: "https://bugzilla.suse.com/1191334", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41092", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 
15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 
15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:48Z", details: "moderate", }, ], title: "CVE-2021-41092", }, { cve: "CVE-2021-41103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41103", }, ], notes: [ { category: "general", text: "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. 
Update directory permission on container bundles directories.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: 
"CVE-2021-41103", url: "https://www.suse.com/security/cve/CVE-2021-41103", }, { category: "external", summary: "SUSE Bug 1191121 for CVE-2021-41103", url: "https://bugzilla.suse.com/1191121", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41103", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", 
"openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.3:containerd-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.11-56.1.x86_64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.9_ce-156.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", "openSUSE Leap 
15.3:docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.9_ce-156.1.noarch", "openSUSE Leap 15.3:runc-1.0.2-23.1.aarch64", "openSUSE Leap 15.3:runc-1.0.2-23.1.ppc64le", "openSUSE Leap 15.3:runc-1.0.2-23.1.s390x", "openSUSE Leap 15.3:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:48Z", details: "moderate", }, ], title: "CVE-2021-41103", }, ], }
opensuse-su-2021:1404-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd, docker, runc", title: "Title of the patch", }, { category: "description", text: "This update for containerd, docker, runc fixes the following issues:\n\nDocker was updated to 20.10.9-ce. (bsc#1191355)\n\nSee upstream changelog in the packaged\n /usr/share/doc/packages/docker/CHANGELOG.md. \n\n CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103\n\ncontainer was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355\n\n- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)\n\n- Install systemd service file as well (bsc#1190826)\n\nUpdate to runc v1.0.2. Upstream changelog is available from\n\n https://github.com/opencontainers/runc/releases/tag/v1.0.2\n\n* Fixed a failure to set CPU quota period in some cases on cgroup v1.\n* Fixed the inability to start a container with the 'adding seccomp filter\n rule for syscall ...' error, caused by redundant seccomp rules (i.e. those\n that has action equal to the default one). Such redundant rules are now\n skipped.\n* Made release builds reproducible from now on.\n* Fixed a rare debug log race in runc init, which can result in occasional\n harmful 'failed to decode ...' errors from runc run or exec.\n* Fixed the check in cgroup v1 systemd manager if a container needs to be\n frozen before Set, and add a setting to skip such freeze unconditionally.\n The previous fix for that issue, done in runc 1.0.1, was not working.\n\nUpdate to runc v1.0.1. 
Upstream changelog is available from\n\nhttps://github.com/opencontainers/runc/releases/tag/v1.0.1\n\n* Fixed occasional runc exec/run failure ('interrupted system call') on an\n Azure volume.\n* Fixed 'unable to find groups ... token too long' error with /etc/group\n containing lines longer than 64K characters.\n* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is\n frozen. This is a regression in 1.0.0, not affecting runc itself but some\n of libcontainer users (e.g Kubernetes).\n* cgroupv2: bpf: Ignore inaccessible existing programs in case of\n permission error when handling replacement of existing bpf cgroup\n programs. This fixes a regression in 1.0.0, where some SELinux\n policies would block runc from being able to run entirely.\n* cgroup/systemd/v2: don't freeze cgroup on Set.\n* cgroup/systemd/v1: avoid unnecessary freeze on Set.\n- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704\n\nUpdate to runc v1.0.0. Upstream changelog is available from\n\nhttps://github.com/opencontainers/runc/releases/tag/v1.0.0\n\n! 
The usage of relative paths for mountpoints will now produce a warning\n (such configurations are outside of the spec, and in future runc will\n produce an error when given such configurations).\n* cgroupv2: devices: rework the filter generation to produce consistent\n results with cgroupv1, and always clobber any existing eBPF\n program(s) to fix runc update and avoid leaking eBPF programs\n (resulting in errors when managing containers).\n* cgroupv2: correctly convert 'number of IOs' statistics in a\n cgroupv1-compatible way.\n* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.\n* cgroupv2: wait for freeze to finish before returning from the freezing\n code, optimize the method for checking whether a cgroup is frozen.\n* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94\n* cgroups/systemd: fixed returning 'unit already exists' error from a systemd\n cgroup manager (regression in rc94)\n+ cgroupv2: support SkipDevices with systemd driver\n+ cgroup/systemd: return, not ignore, stop unit error from Destroy\n+ Make 'runc --version' output sane even when built with go get or\n otherwise outside of our build scripts.\n+ cgroups: set SkipDevices during runc update (so we don't modify\n cgroups at all during runc update).\n+ cgroup1: blkio: support BFQ weights.\n+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.\n\nUpdate to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95\n\nThis release of runc contains a fix for CVE-2021-30465, and users are\nstrongly recommended to update (especially if you are providing\nsemi-limited access to spawn containers to untrusted users). (bsc#1185405)\n\nUpdate to runc v1.0.0~rc94. 
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94\n\nBreaking Changes:\n* cgroupv1: kernel memory limits are now always ignored, as kmemcg has\n been effectively deprecated by the kernel. Users should make use of regular\n memory cgroup controls.\n\nRegression Fixes:\n\n* seccomp: fix 32-bit compilation errors\n* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code\n* runc start: fix 'chdir to cwd: permission denied' for some setups\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-1404", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1404-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:1404-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L7ADRJZ4HKOCVZC5ZKIM4MD6EZEHBNB3/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:1404-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L7ADRJZ4HKOCVZC5ZKIM4MD6EZEHBNB3/", }, { category: "self", summary: "SUSE Bug 1102408", url: "https://bugzilla.suse.com/1102408", }, { category: "self", summary: "SUSE Bug 1185405", url: "https://bugzilla.suse.com/1185405", }, { category: "self", summary: "SUSE Bug 1187704", url: "https://bugzilla.suse.com/1187704", }, { category: 
"self", summary: "SUSE Bug 1188282", url: "https://bugzilla.suse.com/1188282", }, { category: "self", summary: "SUSE Bug 1190826", url: "https://bugzilla.suse.com/1190826", }, { category: "self", summary: "SUSE Bug 1191015", url: "https://bugzilla.suse.com/1191015", }, { category: "self", summary: "SUSE Bug 1191121", url: "https://bugzilla.suse.com/1191121", }, { category: "self", summary: "SUSE Bug 1191334", url: "https://bugzilla.suse.com/1191334", }, { category: "self", summary: "SUSE Bug 1191355", url: "https://bugzilla.suse.com/1191355", }, { category: "self", summary: "SUSE Bug 1191434", url: "https://bugzilla.suse.com/1191434", }, { category: "self", summary: "SUSE CVE CVE-2021-30465 page", url: "https://www.suse.com/security/cve/CVE-2021-30465/", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, { category: "self", summary: "SUSE CVE CVE-2021-41089 page", url: "https://www.suse.com/security/cve/CVE-2021-41089/", }, { category: "self", summary: "SUSE CVE CVE-2021-41091 page", url: "https://www.suse.com/security/cve/CVE-2021-41091/", }, { category: "self", summary: "SUSE CVE CVE-2021-41092 page", url: "https://www.suse.com/security/cve/CVE-2021-41092/", }, { category: "self", summary: "SUSE CVE CVE-2021-41103 page", url: "https://www.suse.com/security/cve/CVE-2021-41103/", }, ], title: "Security update for containerd, docker, runc", tracking: { current_release_date: "2021-10-31T14:52:54Z", generator: { date: "2021-10-31T14:52:54Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:1404-1", initial_release_date: "2021-10-31T14:52:54Z", revision_history: [ { date: "2021-10-31T14:52:54Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", product: { name: 
"docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", product_id: "docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", }, }, { category: "product_version", name: "docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", product: { name: "docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", product_id: "docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", }, }, { category: "product_version", name: "docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", product: { name: "docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", product_id: "docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-lp152.2.12.1.x86_64", product: { name: "containerd-1.4.11-lp152.2.12.1.x86_64", product_id: "containerd-1.4.11-lp152.2.12.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-lp152.2.12.1.x86_64", product: { name: "containerd-ctr-1.4.11-lp152.2.12.1.x86_64", product_id: "containerd-ctr-1.4.11-lp152.2.12.1.x86_64", }, }, { category: "product_version", name: "docker-20.10.9_ce-lp152.2.18.1.x86_64", product: { name: "docker-20.10.9_ce-lp152.2.18.1.x86_64", product_id: "docker-20.10.9_ce-lp152.2.18.1.x86_64", }, }, { category: "product_version", name: "runc-1.0.2-lp152.2.9.1.x86_64", product: { name: "runc-1.0.2-lp152.2.9.1.x86_64", product_id: "runc-1.0.2-lp152.2.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE 
Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", }, product_reference: "containerd-1.4.11-lp152.2.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.11-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", }, product_reference: "containerd-ctr-1.4.11-lp152.2.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-lp152.2.18.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", }, product_reference: "docker-20.10.9_ce-lp152.2.18.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", }, product_reference: "docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", }, product_reference: "docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: 
"default_component_of", full_product_name: { name: "runc-1.0.2-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", }, product_reference: "runc-1.0.2-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, vulnerabilities: [ { cve: "CVE-2021-30465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30465", }, ], notes: [ { category: "general", text: "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30465", url: "https://www.suse.com/security/cve/CVE-2021-30465", }, { category: "external", summary: "SUSE Bug 1185405 for CVE-2021-30465", url: "https://bugzilla.suse.com/1185405", }, { category: "external", summary: "SUSE Bug 1189161 for CVE-2021-30465", url: "https://bugzilla.suse.com/1189161", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 
15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-31T14:52:54Z", details: "important", }, ], title: "CVE-2021-30465", }, { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. 
Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE 
Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-31T14:52:54Z", details: "low", }, ], title: "CVE-2021-32760", }, { cve: "CVE-2021-41089", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41089", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. 
Running containers do not need to be restarted.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41089", url: "https://www.suse.com/security/cve/CVE-2021-41089", }, { category: "external", summary: "SUSE Bug 1191015 for CVE-2021-41089", url: "https://bugzilla.suse.com/1191015", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41089", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.6, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 
15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-31T14:52:54Z", details: "moderate", }, ], title: "CVE-2021-41089", }, { cve: "CVE-2021-41091", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41091", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. 
Limit access to host volumes to trusted containers.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41091", url: "https://www.suse.com/security/cve/CVE-2021-41091", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41091", url: "https://bugzilla.suse.com/1191355", }, { category: "external", summary: "SUSE Bug 1191434 for CVE-2021-41091", url: "https://bugzilla.suse.com/1191434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 
15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-31T14:52:54Z", details: "moderate", }, ], title: "CVE-2021-41091", }, { cve: "CVE-2021-41092", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41092", }, ], notes: [ { category: "general", text: "Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. 
For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41092", url: "https://www.suse.com/security/cve/CVE-2021-41092", }, { category: "external", summary: "SUSE Bug 1191334 for CVE-2021-41092", url: "https://bugzilla.suse.com/1191334", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41092", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 
15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-31T14:52:54Z", details: "moderate", }, ], title: "CVE-2021-41092", }, { cve: "CVE-2021-41103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41103", }, ], notes: [ { category: "general", text: "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. 
Update directory permission on container bundles directories.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41103", url: "https://www.suse.com/security/cve/CVE-2021-41103", }, { category: "external", summary: "SUSE Bug 1191121 for CVE-2021-41103", url: "https://bugzilla.suse.com/1191121", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41103", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.2:containerd-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:containerd-ctr-1.4.11-lp152.2.12.1.x86_64", "openSUSE Leap 15.2:docker-20.10.9_ce-lp152.2.18.1.x86_64", "openSUSE Leap 
15.2:docker-bash-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-fish-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:docker-zsh-completion-20.10.9_ce-lp152.2.18.1.noarch", "openSUSE Leap 15.2:runc-1.0.2-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-31T14:52:54Z", details: "moderate", }, ], title: "CVE-2021-41103", }, ], }
WID-SEC-W-2022-1002
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Amazon Linux ist eine Linux Distribition, die für Amazon Clouddienste optimiert ist.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in Amazon Linux 2 ausnutzen, um Informationen offenzulegen, Dateien zu manipulieren oder falsche Informationen darzustellen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1002 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1002.json", }, { category: "self", summary: "WID-SEC-2022-1002 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1002", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2023-025 vom 2023-11-17", url: "https://alas.aws.amazon.com/AL2/ALASECS-2023-025.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2023-029 vom 2023-11-17", url: "https://alas.aws.amazon.com/AL2/ALASECS-2023-029.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2023-026 vom 2023-11-17", url: 
"https://alas.aws.amazon.com/AL2/ALASECS-2023-026.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2023-014 vom 2023-10-20", url: "https://alas.aws.amazon.com/AL2/ALASECS-2023-014.html", }, { category: "external", summary: "Amazon Linux Security Advisory vom 2021-12-08", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2021-010.html", }, { category: "external", summary: "Amazon Linux Security Advisory vom 2021-12-08", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2021-011.html", }, { category: "external", summary: "Amazon Linux Security Advisory vom 2021-12-08", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2021-013.html", }, { category: "external", summary: "Amazon Linux Security Advisory vom 2021-12-08", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2021-014.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2021-1555 vom 2022-01-11", url: "https://alas.aws.amazon.com/ALAS-2021-1555.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:0687 vom 2022-03-01", url: "https://access.redhat.com/errata/RHSA-2022:0687", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:23018-1 vom 2022-03-04", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010347.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:1507-1 vom 2022-05-03", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-May/010921.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:1734 vom 2022-05-05", url: "https://access.redhat.com/errata/RHSA-2022:1734", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:5069 vom 2022-08-10", url: "https://access.redhat.com/errata/RHSA-2022:5069", }, ], source_lang: "en-US", title: "Amazon Linux 2: Mehrere Schwachstellen", tracking: { current_release_date: "2023-11-16T23:00:00.000+00:00", generator: { date: "2024-08-15T17:33:12.859+00:00", engine: { 
name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1002", initial_release_date: "2021-12-08T23:00:00.000+00:00", revision_history: [ { date: "2021-12-08T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-01-11T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2022-02-28T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-03-03T23:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-05-03T22:00:00.000+00:00", number: "5", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-05-05T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-08-10T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-10-19T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-11-16T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Amazon aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, { category: "product_name", name: "Amazon Linux 2 plugins", product: { name: "Amazon Linux 2 plugins", product_id: "T021223", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:plugins", }, }, }, ], category: "product_name", name: "Linux 2", }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE 
Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2021-21334", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Amazon Linux 2 im \"containerd CRI plugin\". Sie besteht darin, dass Pull-Operationen durch das Plugin dazu führen, dass gleiche Images unterschiedliche Umgebungsvariablen erhalten. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren.", }, ], product_status: { known_affected: [ "T021223", "T002207", "67646", "398363", ], }, release_date: "2021-12-08T23:00:00.000+00:00", title: "CVE-2021-21334", }, { cve: "CVE-2021-32760", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Amazon Linux 2 im \"containerd\"-plugin. Sie ist auf eine mögliche Änderung von Dateiberechtigungen zurückzuführen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren.", }, ], product_status: { known_affected: [ "T021223", "T002207", "67646", "398363", ], }, release_date: "2021-12-08T23:00:00.000+00:00", title: "CVE-2021-32760", }, { cve: "CVE-2021-41190", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Amazon Linux 2 in den Plugins \"containerd\" und \"docker\". Sie ist auf eine unsichere Deserialisierung zurückzuführen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um falsche Informationen darzustellen.", }, ], product_status: { known_affected: [ "T021223", "T002207", "67646", "398363", ], }, release_date: "2021-12-08T23:00:00.000+00:00", title: "CVE-2021-41190", }, { cve: "CVE-2020-15157", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Amazon Linux 2. Sie tritt bei einer Pull-Operation eines Containers auf. 
Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T021223", "T002207", "67646", "398363", ], }, release_date: "2021-12-08T23:00:00.000+00:00", title: "CVE-2020-15157", }, ], }
fkie_cve-2021-32760
Vulnerability from fkie_nvd
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vendor | Product | Version
---|---|---
linuxfoundation | containerd | *
linuxfoundation | containerd | *
fedoraproject | fedora | 34
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "B80F3640-4786-43D6-B222-FBE9A98B86D8", versionEndExcluding: "1.4.8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "B29F81BF-E74A-4C4E-ADEE-7A70AA58A9DC", versionEndExcluding: "1.5.4", versionStartIncluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", }, { lang: "es", value: "containerd es un tiempo de ejecución de contenedores. Se ha encontrado un bug en las versiones de containerd anteriores a 1.4.8 y la 1.5.4, donde tirando y extrayendo una imagen de contenedor especialmente diseñada puede resultar en cambios en los permisos de archivos Unix para los archivos existentes en el sistema de archivos del host. 
Los cambios en los permisos de los archivos pueden denegar el acceso al propietario esperado del archivo, ampliar el acceso a otros, o establecer bits extendidos como setuid, setgid y sticky. Este bug no permite directamente la lectura, modificación o ejecución de archivos sin un proceso adicional de cooperación. Este bug ha sido corregido en containerd versiones 1.5.4 y 1.4.8. Como solución, asegúrese de que los usuarios sólo obtienen imágenes de fuentes de confianza. Los módulos de seguridad de Linux (LSM) como SELinux y AppArmor pueden limitar los archivos potencialmente afectados por este bug mediante políticas y perfiles que impiden que containerd interactúe con archivos específicos", }, ], id: "CVE-2021-32760", lastModified: "2024-11-21T06:07:41.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: 
"UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-19T21:15:07.857", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.4.8", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.4", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/", }, { source: "security-advisories@github.com", url: "https://security.gentoo.org/glsa/202401-31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.4.8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-31", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: 
"en", value: "CWE-668", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
suse-su-2021:2412-1
Vulnerability from csaf_suse
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd", title: "Title of the patch", }, { category: "description", text: "This update for containerd fixes the following issues:\n\n- CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-2412,SUSE-SLE-Module-Containers-15-SP2-2021-2412,SUSE-SLE-Module-Containers-15-SP3-2021-2412,SUSE-SUSE-MicroOS-5.0-2021-2412", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2412-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:2412-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20212412-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:2412-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009163.html", }, { category: "self", summary: "SUSE Bug 1188282", url: "https://bugzilla.suse.com/1188282", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: 
"https://www.suse.com/security/cve/CVE-2021-32760/", }, ], title: "Security update for containerd", tracking: { current_release_date: "2021-07-20T13:25:44Z", generator: { date: "2021-07-20T13:25:44Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:2412-1", initial_release_date: "2021-07-20T13:25:44Z", revision_history: [ { date: "2021-07-20T13:25:44Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.aarch64", product: { name: "containerd-1.4.4-5.36.1.aarch64", product_id: "containerd-1.4.4-5.36.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-5.36.1.aarch64", product: { name: "containerd-ctr-1.4.4-5.36.1.aarch64", product_id: "containerd-ctr-1.4.4-5.36.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.i586", product: { name: "containerd-1.4.4-5.36.1.i586", product_id: "containerd-1.4.4-5.36.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-5.36.1.i586", product: { name: "containerd-ctr-1.4.4-5.36.1.i586", product_id: "containerd-ctr-1.4.4-5.36.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.ppc64le", product: { name: "containerd-1.4.4-5.36.1.ppc64le", product_id: "containerd-1.4.4-5.36.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-5.36.1.ppc64le", product: { name: "containerd-ctr-1.4.4-5.36.1.ppc64le", product_id: "containerd-ctr-1.4.4-5.36.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.s390x", product: { name: "containerd-1.4.4-5.36.1.s390x", product_id: "containerd-1.4.4-5.36.1.s390x", }, }, { category: 
"product_version", name: "containerd-ctr-1.4.4-5.36.1.s390x", product: { name: "containerd-ctr-1.4.4-5.36.1.s390x", product_id: "containerd-ctr-1.4.4-5.36.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-5.36.1.x86_64", product: { name: "containerd-1.4.4-5.36.1.x86_64", product_id: "containerd-1.4.4-5.36.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-5.36.1.x86_64", product: { name: "containerd-ctr-1.4.4-5.36.1.x86_64", product_id: "containerd-ctr-1.4.4-5.36.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP2", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP3", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.0", product: { name: "SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.0", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.aarch64", }, product_reference: "containerd-1.4.4-5.36.1.aarch64", 
relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.ppc64le", }, product_reference: "containerd-1.4.4-5.36.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.s390x", }, product_reference: "containerd-1.4.4-5.36.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.x86_64", }, product_reference: "containerd-1.4.4-5.36.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.aarch64", }, product_reference: "containerd-1.4.4-5.36.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.ppc64le", }, product_reference: 
"containerd-1.4.4-5.36.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.s390x", }, product_reference: "containerd-1.4.4-5.36.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.x86_64", }, product_reference: "containerd-1.4.4-5.36.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:containerd-1.4.4-5.36.1.aarch64", }, product_reference: "containerd-1.4.4-5.36.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-5.36.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:containerd-1.4.4-5.36.1.x86_64", }, product_reference: "containerd-1.4.4-5.36.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, ], }, vulnerabilities: [ { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. 
A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.4-5.36.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", 
details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.4-5.36.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.4-5.36.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.4-5.36.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.4-5.36.1.x86_64", ], }, ], threats: [ { category: "impact", date: 
"2021-07-20T13:25:44Z", details: "low", }, ], title: "CVE-2021-32760", }, ], }
suse-su-2021:2413-1
Vulnerability from csaf_suse
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd", title: "Title of the patch", }, { category: "description", text: "This update for containerd fixes the following issues:\n\n- CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-2413,SUSE-SLE-Module-Containers-12-2021-2413", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2413-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:2413-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20212413-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:2413-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009168.html", }, { category: "self", summary: "SUSE Bug 1188282", url: "https://bugzilla.suse.com/1188282", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, ], title: "Security update for containerd", tracking: { 
current_release_date: "2021-07-20T13:25:56Z", generator: { date: "2021-07-20T13:25:56Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:2413-1", initial_release_date: "2021-07-20T13:25:56Z", revision_history: [ { date: "2021-07-20T13:25:56Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.4-16.42.1.aarch64", product: { name: "containerd-1.4.4-16.42.1.aarch64", product_id: "containerd-1.4.4-16.42.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-16.42.1.aarch64", product: { name: "containerd-ctr-1.4.4-16.42.1.aarch64", product_id: "containerd-ctr-1.4.4-16.42.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-16.42.1.i586", product: { name: "containerd-1.4.4-16.42.1.i586", product_id: "containerd-1.4.4-16.42.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-16.42.1.i586", product: { name: "containerd-ctr-1.4.4-16.42.1.i586", product_id: "containerd-ctr-1.4.4-16.42.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-16.42.1.ppc64le", product: { name: "containerd-1.4.4-16.42.1.ppc64le", product_id: "containerd-1.4.4-16.42.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-16.42.1.ppc64le", product: { name: "containerd-ctr-1.4.4-16.42.1.ppc64le", product_id: "containerd-ctr-1.4.4-16.42.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-16.42.1.s390x", product: { name: "containerd-1.4.4-16.42.1.s390x", product_id: "containerd-1.4.4-16.42.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-16.42.1.s390x", product: { name: 
"containerd-ctr-1.4.4-16.42.1.s390x", product_id: "containerd-ctr-1.4.4-16.42.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.4-16.42.1.x86_64", product: { name: "containerd-1.4.4-16.42.1.x86_64", product_id: "containerd-1.4.4-16.42.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.4-16.42.1.x86_64", product: { name: "containerd-ctr-1.4.4-16.42.1.x86_64", product_id: "containerd-ctr-1.4.4-16.42.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 12", product: { name: "SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-16.42.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.ppc64le", }, product_reference: "containerd-1.4.4-16.42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-16.42.1.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.s390x", }, product_reference: "containerd-1.4.4-16.42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.4-16.42.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise 
Module for Containers 12:containerd-1.4.4-16.42.1.x86_64", }, product_reference: "containerd-1.4.4-16.42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, ], }, vulnerabilities: [ { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. 
Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-07-20T13:25:56Z", details: "low", }, ], title: "CVE-2021-32760", }, ], }
suse-su-2021:3336-1
Vulnerability from csaf_suse
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd, docker, runc", title: "Title of the patch", }, { category: "description", text: "This update for containerd, docker, runc fixes the following issues:\n\nDocker was updated to 20.10.9-ce. (bsc#1191355)\n\nSee upstream changelog in the packaged\n /usr/share/doc/packages/docker/CHANGELOG.md. \n\n CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103\n\ncontainer was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355\n\n- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)\n\nUpdate to runc v1.0.2. Upstream changelog is available from\n\n https://github.com/opencontainers/runc/releases/tag/v1.0.2\n\n* Fixed a failure to set CPU quota period in some cases on cgroup v1.\n* Fixed the inability to start a container with the 'adding seccomp filter\n rule for syscall ...' error, caused by redundant seccomp rules (i.e. those\n that has action equal to the default one). Such redundant rules are now\n skipped.\n* Made release builds reproducible from now on.\n* Fixed a rare debug log race in runc init, which can result in occasional\n harmful 'failed to decode ...' errors from runc run or exec.\n* Fixed the check in cgroup v1 systemd manager if a container needs to be\n frozen before Set, and add a setting to skip such freeze unconditionally.\n The previous fix for that issue, done in runc 1.0.1, was not working.\n\nUpdate to runc v1.0.1. 
Upstream changelog is available from\n\nhttps://github.com/opencontainers/runc/releases/tag/v1.0.1\n\n* Fixed occasional runc exec/run failure ('interrupted system call') on an\n Azure volume.\n* Fixed 'unable to find groups ... token too long' error with /etc/group\n containing lines longer than 64K characters.\n* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is\n frozen. This is a regression in 1.0.0, not affecting runc itself but some\n of libcontainer users (e.g Kubernetes).\n* cgroupv2: bpf: Ignore inaccessible existing programs in case of\n permission error when handling replacement of existing bpf cgroup\n programs. This fixes a regression in 1.0.0, where some SELinux\n policies would block runc from being able to run entirely.\n* cgroup/systemd/v2: don't freeze cgroup on Set.\n* cgroup/systemd/v1: avoid unnecessary freeze on Set.\n- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704\n\nUpdate to runc v1.0.0. Upstream changelog is available from\n\nhttps://github.com/opencontainers/runc/releases/tag/v1.0.0\n\n! 
The usage of relative paths for mountpoints will now produce a warning\n (such configurations are outside of the spec, and in future runc will\n produce an error when given such configurations).\n* cgroupv2: devices: rework the filter generation to produce consistent\n results with cgroupv1, and always clobber any existing eBPF\n program(s) to fix runc update and avoid leaking eBPF programs\n (resulting in errors when managing containers).\n* cgroupv2: correctly convert 'number of IOs' statistics in a\n cgroupv1-compatible way.\n* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.\n* cgroupv2: wait for freeze to finish before returning from the freezing\n code, optimize the method for checking whether a cgroup is frozen.\n* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94\n* cgroups/systemd: fixed returning 'unit already exists' error from a systemd\n cgroup manager (regression in rc94)\n+ cgroupv2: support SkipDevices with systemd driver\n+ cgroup/systemd: return, not ignore, stop unit error from Destroy\n+ Make 'runc --version' output sane even when built with go get or\n otherwise outside of our build scripts.\n+ cgroups: set SkipDevices during runc update (so we don't modify\n cgroups at all during runc update).\n+ cgroup1: blkio: support BFQ weights.\n+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.\n\nUpdate to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95\n\nThis release of runc contains a fix for CVE-2021-30465, and users are\nstrongly recommended to update (especially if you are providing\nsemi-limited access to spawn containers to untrusted users). (bsc#1185405)\n\nUpdate to runc v1.0.0~rc94. 
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94\n\nBreaking Changes:\n* cgroupv1: kernel memory limits are now always ignored, as kmemcg has\n been effectively deprecated by the kernel. Users should make use of regular\n memory cgroup controls.\n\nRegression Fixes:\n\n* seccomp: fix 32-bit compilation errors\n* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code\n* runc start: fix 'chdir to cwd: permission denied' for some setups\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-3336,SUSE-SLE-Module-Containers-12-2021-3336", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3336-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:3336-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20213336-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:3336-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009566.html", }, { category: "self", summary: "SUSE Bug 1102408", url: "https://bugzilla.suse.com/1102408", }, { category: "self", summary: "SUSE Bug 1185405", url: "https://bugzilla.suse.com/1185405", }, { category: "self", summary: "SUSE Bug 1187704", url: "https://bugzilla.suse.com/1187704", }, { category: "self", summary: "SUSE Bug 1188282", url: "https://bugzilla.suse.com/1188282", }, { category: "self", summary: "SUSE Bug 1191015", url: 
"https://bugzilla.suse.com/1191015", }, { category: "self", summary: "SUSE Bug 1191121", url: "https://bugzilla.suse.com/1191121", }, { category: "self", summary: "SUSE Bug 1191334", url: "https://bugzilla.suse.com/1191334", }, { category: "self", summary: "SUSE Bug 1191355", url: "https://bugzilla.suse.com/1191355", }, { category: "self", summary: "SUSE Bug 1191434", url: "https://bugzilla.suse.com/1191434", }, { category: "self", summary: "SUSE CVE CVE-2021-30465 page", url: "https://www.suse.com/security/cve/CVE-2021-30465/", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, { category: "self", summary: "SUSE CVE CVE-2021-41089 page", url: "https://www.suse.com/security/cve/CVE-2021-41089/", }, { category: "self", summary: "SUSE CVE CVE-2021-41091 page", url: "https://www.suse.com/security/cve/CVE-2021-41091/", }, { category: "self", summary: "SUSE CVE CVE-2021-41092 page", url: "https://www.suse.com/security/cve/CVE-2021-41092/", }, { category: "self", summary: "SUSE CVE CVE-2021-41103 page", url: "https://www.suse.com/security/cve/CVE-2021-41103/", }, ], title: "Security update for containerd, docker, runc", tracking: { current_release_date: "2021-10-12T09:05:24Z", generator: { date: "2021-10-12T09:05:24Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:3336-1", initial_release_date: "2021-10-12T09:05:24Z", revision_history: [ { date: "2021-10-12T09:05:24Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.11-16.45.1.aarch64", product: { name: "containerd-1.4.11-16.45.1.aarch64", product_id: "containerd-1.4.11-16.45.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-16.45.1.aarch64", product: { name: "containerd-ctr-1.4.11-16.45.1.aarch64", product_id: 
"containerd-ctr-1.4.11-16.45.1.aarch64", }, }, { category: "product_version", name: "docker-20.10.9_ce-98.72.1.aarch64", product: { name: "docker-20.10.9_ce-98.72.1.aarch64", product_id: "docker-20.10.9_ce-98.72.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-98.72.1.aarch64", product: { name: "docker-kubic-20.10.9_ce-98.72.1.aarch64", product_id: "docker-kubic-20.10.9_ce-98.72.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.aarch64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.aarch64", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.aarch64", }, }, { category: "product_version", name: "runc-1.0.2-16.14.1.aarch64", product: { name: "runc-1.0.2-16.14.1.aarch64", product_id: "runc-1.0.2-16.14.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-16.45.1.i586", product: { name: "containerd-1.4.11-16.45.1.i586", product_id: "containerd-1.4.11-16.45.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-16.45.1.i586", product: { name: "containerd-ctr-1.4.11-16.45.1.i586", product_id: "containerd-ctr-1.4.11-16.45.1.i586", }, }, { category: "product_version", name: "docker-20.10.9_ce-98.72.1.i586", product: { name: "docker-20.10.9_ce-98.72.1.i586", product_id: "docker-20.10.9_ce-98.72.1.i586", }, }, { category: "product_version", name: "runc-1.0.2-16.14.1.i586", product: { name: "runc-1.0.2-16.14.1.i586", product_id: "runc-1.0.2-16.14.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "docker-bash-completion-20.10.9_ce-98.72.1.noarch", product: { name: "docker-bash-completion-20.10.9_ce-98.72.1.noarch", product_id: "docker-bash-completion-20.10.9_ce-98.72.1.noarch", }, }, { category: "product_version", name: "docker-fish-completion-20.10.9_ce-98.72.1.noarch", product: { name: 
"docker-fish-completion-20.10.9_ce-98.72.1.noarch", product_id: "docker-fish-completion-20.10.9_ce-98.72.1.noarch", }, }, { category: "product_version", name: "docker-kubic-bash-completion-20.10.9_ce-98.72.1.noarch", product: { name: "docker-kubic-bash-completion-20.10.9_ce-98.72.1.noarch", product_id: "docker-kubic-bash-completion-20.10.9_ce-98.72.1.noarch", }, }, { category: "product_version", name: "docker-kubic-fish-completion-20.10.9_ce-98.72.1.noarch", product: { name: "docker-kubic-fish-completion-20.10.9_ce-98.72.1.noarch", product_id: "docker-kubic-fish-completion-20.10.9_ce-98.72.1.noarch", }, }, { category: "product_version", name: "docker-kubic-zsh-completion-20.10.9_ce-98.72.1.noarch", product: { name: "docker-kubic-zsh-completion-20.10.9_ce-98.72.1.noarch", product_id: "docker-kubic-zsh-completion-20.10.9_ce-98.72.1.noarch", }, }, { category: "product_version", name: "docker-zsh-completion-20.10.9_ce-98.72.1.noarch", product: { name: "docker-zsh-completion-20.10.9_ce-98.72.1.noarch", product_id: "docker-zsh-completion-20.10.9_ce-98.72.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-16.45.1.ppc64le", product: { name: "containerd-1.4.11-16.45.1.ppc64le", product_id: "containerd-1.4.11-16.45.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-16.45.1.ppc64le", product: { name: "containerd-ctr-1.4.11-16.45.1.ppc64le", product_id: "containerd-ctr-1.4.11-16.45.1.ppc64le", }, }, { category: "product_version", name: "docker-20.10.9_ce-98.72.1.ppc64le", product: { name: "docker-20.10.9_ce-98.72.1.ppc64le", product_id: "docker-20.10.9_ce-98.72.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-98.72.1.ppc64le", product: { name: "docker-kubic-20.10.9_ce-98.72.1.ppc64le", product_id: "docker-kubic-20.10.9_ce-98.72.1.ppc64le", }, }, { category: "product_version", name: 
"docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.ppc64le", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.ppc64le", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.ppc64le", }, }, { category: "product_version", name: "runc-1.0.2-16.14.1.ppc64le", product: { name: "runc-1.0.2-16.14.1.ppc64le", product_id: "runc-1.0.2-16.14.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-16.45.1.s390x", product: { name: "containerd-1.4.11-16.45.1.s390x", product_id: "containerd-1.4.11-16.45.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-16.45.1.s390x", product: { name: "containerd-ctr-1.4.11-16.45.1.s390x", product_id: "containerd-ctr-1.4.11-16.45.1.s390x", }, }, { category: "product_version", name: "docker-20.10.9_ce-98.72.1.s390x", product: { name: "docker-20.10.9_ce-98.72.1.s390x", product_id: "docker-20.10.9_ce-98.72.1.s390x", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-98.72.1.s390x", product: { name: "docker-kubic-20.10.9_ce-98.72.1.s390x", product_id: "docker-kubic-20.10.9_ce-98.72.1.s390x", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.s390x", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.s390x", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.s390x", }, }, { category: "product_version", name: "runc-1.0.2-16.14.1.s390x", product: { name: "runc-1.0.2-16.14.1.s390x", product_id: "runc-1.0.2-16.14.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-16.45.1.x86_64", product: { name: "containerd-1.4.11-16.45.1.x86_64", product_id: "containerd-1.4.11-16.45.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-16.45.1.x86_64", product: { name: "containerd-ctr-1.4.11-16.45.1.x86_64", product_id: 
"containerd-ctr-1.4.11-16.45.1.x86_64", }, }, { category: "product_version", name: "docker-20.10.9_ce-98.72.1.x86_64", product: { name: "docker-20.10.9_ce-98.72.1.x86_64", product_id: "docker-20.10.9_ce-98.72.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-98.72.1.x86_64", product: { name: "docker-kubic-20.10.9_ce-98.72.1.x86_64", product_id: "docker-kubic-20.10.9_ce-98.72.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.x86_64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.x86_64", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-98.72.1.x86_64", }, }, { category: "product_version", name: "runc-1.0.2-16.14.1.x86_64", product: { name: "runc-1.0.2-16.14.1.x86_64", product_id: "runc-1.0.2-16.14.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 12", product: { name: "SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-16.45.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", }, product_reference: "containerd-1.4.11-16.45.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-16.45.1.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", }, product_reference: 
"containerd-1.4.11-16.45.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-16.45.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", }, product_reference: "containerd-1.4.11-16.45.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-98.72.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", }, product_reference: "docker-20.10.9_ce-98.72.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-98.72.1.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", }, product_reference: "docker-20.10.9_ce-98.72.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-98.72.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", }, product_reference: "docker-20.10.9_ce-98.72.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-16.14.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", }, product_reference: 
"runc-1.0.2-16.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-16.14.1.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", }, product_reference: "runc-1.0.2-16.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-16.14.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", }, product_reference: "runc-1.0.2-16.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, ], }, vulnerabilities: [ { cve: "CVE-2021-30465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30465", }, ], notes: [ { category: "general", text: "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. 
The problem occurs via a symlink-exchange attack that relies on a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30465", url: "https://www.suse.com/security/cve/CVE-2021-30465", }, { category: "external", summary: "SUSE Bug 1185405 for CVE-2021-30465", url: "https://bugzilla.suse.com/1185405", }, { category: "external", summary: "SUSE Bug 1189161 for CVE-2021-30465", url: "https://bugzilla.suse.com/1189161", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 
12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-12T09:05:24Z", details: "important", }, ], title: "CVE-2021-30465", }, { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. 
As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 
12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-12T09:05:24Z", details: "low", }, ], title: "CVE-2021-32760", }, { cve: "CVE-2021-41089", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41089", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. 
Running containers do not need to be restarted.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41089", url: "https://www.suse.com/security/cve/CVE-2021-41089", }, { category: "external", summary: "SUSE Bug 1191015 for CVE-2021-41089", url: "https://bugzilla.suse.com/1191015", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41089", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux 
Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.6, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-12T09:05:24Z", details: "moderate", }, ], title: "CVE-2021-41089", }, { cve: "CVE-2021-41091", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41091", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. 
When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41091", url: "https://www.suse.com/security/cve/CVE-2021-41091", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41091", url: "https://bugzilla.suse.com/1191355", }, { category: "external", summary: "SUSE Bug 1191434 for CVE-2021-41091", url: "https://bugzilla.suse.com/1191434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for 
Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-12T09:05:24Z", details: "moderate", }, ], title: "CVE-2021-41091", }, { cve: "CVE-2021-41092", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41092", }, ], notes: [ { category: "general", text: "Docker CLI is the command line interface for the docker container runtime. 
A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41092", url: "https://www.suse.com/security/cve/CVE-2021-41092", }, { category: "external", summary: "SUSE Bug 1191334 for CVE-2021-41092", url: "https://bugzilla.suse.com/1191334", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41092", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", 
product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-12T09:05:24Z", details: "moderate", }, ], title: "CVE-2021-41092", }, { cve: "CVE-2021-41103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41103", }, ], notes: [ { category: "general", text: "containerd is an open source container runtime with an emphasis on 
simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41103", url: "https://www.suse.com/security/cve/CVE-2021-41103", }, { category: "external", summary: "SUSE Bug 1191121 for CVE-2021-41103", url: 
"https://bugzilla.suse.com/1191121", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41103", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.11-16.45.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.9_ce-98.72.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.s390x", "SUSE Linux Enterprise Module for Containers 12:runc-1.0.2-16.14.1.x86_64", ], }, ], threats: [ { 
category: "impact", date: "2021-10-12T09:05:24Z", details: "moderate", }, ], title: "CVE-2021-41103", }, ], }
suse-su-2021:3506-1
Vulnerability from csaf_suse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd, docker, runc", title: "Title of the patch", }, { category: "description", text: "This update for containerd, docker, runc fixes the following issues:\n\nDocker was updated to 20.10.9-ce. (bsc#1191355)\n\nSee upstream changelog in the packaged\n /usr/share/doc/packages/docker/CHANGELOG.md. \n\n CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103\n\ncontainer was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355\n\n- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)\n\n- Install systemd service file as well (bsc#1190826)\n\nUpdate to runc v1.0.2. Upstream changelog is available from\n\n https://github.com/opencontainers/runc/releases/tag/v1.0.2\n\n* Fixed a failure to set CPU quota period in some cases on cgroup v1.\n* Fixed the inability to start a container with the 'adding seccomp filter\n rule for syscall ...' error, caused by redundant seccomp rules (i.e. those\n that has action equal to the default one). Such redundant rules are now\n skipped.\n* Made release builds reproducible from now on.\n* Fixed a rare debug log race in runc init, which can result in occasional\n harmful 'failed to decode ...' errors from runc run or exec.\n* Fixed the check in cgroup v1 systemd manager if a container needs to be\n frozen before Set, and add a setting to skip such freeze unconditionally.\n The previous fix for that issue, done in runc 1.0.1, was not working.\n\nUpdate to runc v1.0.1. 
Upstream changelog is available from\n\nhttps://github.com/opencontainers/runc/releases/tag/v1.0.1\n\n* Fixed occasional runc exec/run failure ('interrupted system call') on an\n Azure volume.\n* Fixed 'unable to find groups ... token too long' error with /etc/group\n containing lines longer than 64K characters.\n* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is\n frozen. This is a regression in 1.0.0, not affecting runc itself but some\n of libcontainer users (e.g Kubernetes).\n* cgroupv2: bpf: Ignore inaccessible existing programs in case of\n permission error when handling replacement of existing bpf cgroup\n programs. This fixes a regression in 1.0.0, where some SELinux\n policies would block runc from being able to run entirely.\n* cgroup/systemd/v2: don't freeze cgroup on Set.\n* cgroup/systemd/v1: avoid unnecessary freeze on Set.\n- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704\n\nUpdate to runc v1.0.0. Upstream changelog is available from\n\nhttps://github.com/opencontainers/runc/releases/tag/v1.0.0\n\n! 
The usage of relative paths for mountpoints will now produce a warning\n (such configurations are outside of the spec, and in future runc will\n produce an error when given such configurations).\n* cgroupv2: devices: rework the filter generation to produce consistent\n results with cgroupv1, and always clobber any existing eBPF\n program(s) to fix runc update and avoid leaking eBPF programs\n (resulting in errors when managing containers).\n* cgroupv2: correctly convert 'number of IOs' statistics in a\n cgroupv1-compatible way.\n* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.\n* cgroupv2: wait for freeze to finish before returning from the freezing\n code, optimize the method for checking whether a cgroup is frozen.\n* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94\n* cgroups/systemd: fixed returning 'unit already exists' error from a systemd\n cgroup manager (regression in rc94)\n+ cgroupv2: support SkipDevices with systemd driver\n+ cgroup/systemd: return, not ignore, stop unit error from Destroy\n+ Make 'runc --version' output sane even when built with go get or\n otherwise outside of our build scripts.\n+ cgroups: set SkipDevices during runc update (so we don't modify\n cgroups at all during runc update).\n+ cgroup1: blkio: support BFQ weights.\n+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.\n\nUpdate to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95\n\nThis release of runc contains a fix for CVE-2021-30465, and users are\nstrongly recommended to update (especially if you are providing\nsemi-limited access to spawn containers to untrusted users). (bsc#1185405)\n\nUpdate to runc v1.0.0~rc94. 
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94\n\nBreaking Changes:\n* cgroupv1: kernel memory limits are now always ignored, as kmemcg has\n been effectively deprecated by the kernel. Users should make use of regular\n memory cgroup controls.\n\nRegression Fixes:\n\n* seccomp: fix 32-bit compilation errors\n* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code\n* runc start: fix 'chdir to cwd: permission denied' for some setups\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-3506,SUSE-SLE-Module-Containers-15-SP2-2021-3506,SUSE-SLE-Module-Containers-15-SP3-2021-3506,SUSE-SLE-Product-HPC-15-2021-3506,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3506,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3506,SUSE-SLE-Product-SLES-15-2021-3506,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3506,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3506,SUSE-SLE-Product-SLES_SAP-15-2021-3506,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3506,SUSE-SUSE-MicroOS-5.0-2021-3506,SUSE-SUSE-MicroOS-5.1-2021-3506,SUSE-Storage-6-2021-3506,SUSE-Storage-7-2021-3506", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3506-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:3506-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20213506-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:3506-1", url: 
"https://lists.suse.com/pipermail/sle-security-updates/2021-October/009645.html", }, { category: "self", summary: "SUSE Bug 1102408", url: "https://bugzilla.suse.com/1102408", }, { category: "self", summary: "SUSE Bug 1185405", url: "https://bugzilla.suse.com/1185405", }, { category: "self", summary: "SUSE Bug 1187704", url: "https://bugzilla.suse.com/1187704", }, { category: "self", summary: "SUSE Bug 1188282", url: "https://bugzilla.suse.com/1188282", }, { category: "self", summary: "SUSE Bug 1190826", url: "https://bugzilla.suse.com/1190826", }, { category: "self", summary: "SUSE Bug 1191015", url: "https://bugzilla.suse.com/1191015", }, { category: "self", summary: "SUSE Bug 1191121", url: "https://bugzilla.suse.com/1191121", }, { category: "self", summary: "SUSE Bug 1191334", url: "https://bugzilla.suse.com/1191334", }, { category: "self", summary: "SUSE Bug 1191355", url: "https://bugzilla.suse.com/1191355", }, { category: "self", summary: "SUSE Bug 1191434", url: "https://bugzilla.suse.com/1191434", }, { category: "self", summary: "SUSE CVE CVE-2021-30465 page", url: "https://www.suse.com/security/cve/CVE-2021-30465/", }, { category: "self", summary: "SUSE CVE CVE-2021-32760 page", url: "https://www.suse.com/security/cve/CVE-2021-32760/", }, { category: "self", summary: "SUSE CVE CVE-2021-41089 page", url: "https://www.suse.com/security/cve/CVE-2021-41089/", }, { category: "self", summary: "SUSE CVE CVE-2021-41091 page", url: "https://www.suse.com/security/cve/CVE-2021-41091/", }, { category: "self", summary: "SUSE CVE CVE-2021-41092 page", url: "https://www.suse.com/security/cve/CVE-2021-41092/", }, { category: "self", summary: "SUSE CVE CVE-2021-41103 page", url: "https://www.suse.com/security/cve/CVE-2021-41103/", }, ], title: "Security update for containerd, docker, runc", tracking: { current_release_date: "2021-10-25T08:20:55Z", generator: { date: "2021-10-25T08:20:55Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: 
"SUSE-SU-2021:3506-1", initial_release_date: "2021-10-25T08:20:55Z", revision_history: [ { date: "2021-10-25T08:20:55Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.11-56.1.aarch64", product: { name: "containerd-1.4.11-56.1.aarch64", product_id: "containerd-1.4.11-56.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.aarch64", product: { name: "containerd-ctr-1.4.11-56.1.aarch64", product_id: "containerd-ctr-1.4.11-56.1.aarch64", }, }, { category: "product_version", name: "docker-20.10.9_ce-156.1.aarch64", product: { name: "docker-20.10.9_ce-156.1.aarch64", product_id: "docker-20.10.9_ce-156.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-156.1.aarch64", product: { name: "docker-kubic-20.10.9_ce-156.1.aarch64", product_id: "docker-kubic-20.10.9_ce-156.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.aarch64", }, }, { category: "product_version", name: "runc-1.0.2-23.1.aarch64", product: { name: "runc-1.0.2-23.1.aarch64", product_id: "runc-1.0.2-23.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-56.1.i586", product: { name: "containerd-1.4.11-56.1.i586", product_id: "containerd-1.4.11-56.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.i586", product: { name: "containerd-ctr-1.4.11-56.1.i586", product_id: "containerd-ctr-1.4.11-56.1.i586", }, }, { category: "product_version", name: "docker-20.10.9_ce-156.1.i586", product: { name: "docker-20.10.9_ce-156.1.i586", product_id: "docker-20.10.9_ce-156.1.i586", }, }, { category: "product_version", 
name: "runc-1.0.2-23.1.i586", product: { name: "runc-1.0.2-23.1.i586", product_id: "runc-1.0.2-23.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "docker-bash-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch", product_id: "docker-bash-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-fish-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-fish-completion-20.10.9_ce-156.1.noarch", product_id: "docker-fish-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", product_id: "docker-kubic-bash-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", product_id: "docker-kubic-fish-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", product_id: "docker-kubic-zsh-completion-20.10.9_ce-156.1.noarch", }, }, { category: "product_version", name: "docker-zsh-completion-20.10.9_ce-156.1.noarch", product: { name: "docker-zsh-completion-20.10.9_ce-156.1.noarch", product_id: "docker-zsh-completion-20.10.9_ce-156.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-56.1.ppc64le", product: { name: "containerd-1.4.11-56.1.ppc64le", product_id: "containerd-1.4.11-56.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.ppc64le", product: { name: "containerd-ctr-1.4.11-56.1.ppc64le", product_id: "containerd-ctr-1.4.11-56.1.ppc64le", }, }, { category: 
"product_version", name: "docker-20.10.9_ce-156.1.ppc64le", product: { name: "docker-20.10.9_ce-156.1.ppc64le", product_id: "docker-20.10.9_ce-156.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-156.1.ppc64le", product: { name: "docker-kubic-20.10.9_ce-156.1.ppc64le", product_id: "docker-kubic-20.10.9_ce-156.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.ppc64le", }, }, { category: "product_version", name: "runc-1.0.2-23.1.ppc64le", product: { name: "runc-1.0.2-23.1.ppc64le", product_id: "runc-1.0.2-23.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.11-56.1.s390x", product: { name: "containerd-1.4.11-56.1.s390x", product_id: "containerd-1.4.11-56.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.s390x", product: { name: "containerd-ctr-1.4.11-56.1.s390x", product_id: "containerd-ctr-1.4.11-56.1.s390x", }, }, { category: "product_version", name: "docker-20.10.9_ce-156.1.s390x", product: { name: "docker-20.10.9_ce-156.1.s390x", product_id: "docker-20.10.9_ce-156.1.s390x", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-156.1.s390x", product: { name: "docker-kubic-20.10.9_ce-156.1.s390x", product_id: "docker-kubic-20.10.9_ce-156.1.s390x", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.s390x", }, }, { category: "product_version", name: "runc-1.0.2-23.1.s390x", product: { name: "runc-1.0.2-23.1.s390x", product_id: "runc-1.0.2-23.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: 
"product_version", name: "containerd-1.4.11-56.1.x86_64", product: { name: "containerd-1.4.11-56.1.x86_64", product_id: "containerd-1.4.11-56.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.11-56.1.x86_64", product: { name: "containerd-ctr-1.4.11-56.1.x86_64", product_id: "containerd-ctr-1.4.11-56.1.x86_64", }, }, { category: "product_version", name: "docker-20.10.9_ce-156.1.x86_64", product: { name: "docker-20.10.9_ce-156.1.x86_64", product_id: "docker-20.10.9_ce-156.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-20.10.9_ce-156.1.x86_64", product: { name: "docker-kubic-20.10.9_ce-156.1.x86_64", product_id: "docker-kubic-20.10.9_ce-156.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", product_id: "docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1.x86_64", }, }, { category: "product_version", name: "runc-1.0.2-23.1.x86_64", product: { name: "runc-1.0.2-23.1.x86_64", product_id: "runc-1.0.2-23.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP2", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP3", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux 
Enterprise High Performance Computing 15-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15-LTSS", product: { name: "SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-BCL", product: { name: "SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles_bcl:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for 
SAP Applications 15", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.0", product: { name: "SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.0", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.1", product: { name: "SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.1", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 6", product: { name: "SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6", product_identification_helper: { cpe: "cpe:/o:suse:ses:6", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7", product: { name: "SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7", product_identification_helper: { cpe: "cpe:/o:suse:ses:7", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for 
Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", }, product_reference: "containerd-1.4.11-56.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", }, product_reference: "containerd-1.4.11-56.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "SUSE Linux 
Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", }, product_reference: "docker-20.10.9_ce-156.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", }, product_reference: "runc-1.0.2-23.1.ppc64le", 
relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", }, product_reference: "runc-1.0.2-23.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP2", product_id: "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", }, product_reference: "containerd-1.4.11-56.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", }, product_reference: "containerd-1.4.11-56.1.s390x", relates_to_product_reference: "SUSE 
Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", }, product_reference: "docker-20.10.9_ce-156.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", 
relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-fish-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-fish-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", }, product_reference: "runc-1.0.2-23.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", 
}, product_reference: "runc-1.0.2-23.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", 
product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", 
full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 
SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: 
"docker-20.10.9_ce-156.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", }, product_reference: 
"runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", }, product_reference: "containerd-1.4.11-56.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", }, product_reference: "containerd-1.4.11-56.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", }, product_reference: "docker-20.10.9_ce-156.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: 
"docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", }, product_reference: "runc-1.0.2-23.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", }, product_reference: "runc-1.0.2-23.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", 
relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", 
full_product_name: { name: "containerd-1.4.11-56.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", }, product_reference: "containerd-1.4.11-56.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", }, product_reference: "containerd-1.4.11-56.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: 
"SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", }, product_reference: "docker-20.10.9_ce-156.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", }, product_reference: "runc-1.0.2-23.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", }, product_reference: "runc-1.0.2-23.1.s390x", 
relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", }, product_reference: "containerd-1.4.11-56.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", 
relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", }, product_reference: "runc-1.0.2-23.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", }, product_reference: "containerd-1.4.11-56.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 
SP1:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", }, product_reference: "docker-20.10.9_ce-156.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", }, product_reference: "runc-1.0.2-23.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as 
component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Linux 
Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.s390x as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", }, product_reference: "containerd-1.4.11-56.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", }, product_reference: "containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.s390x as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", }, product_reference: 
"docker-20.10.9_ce-156.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.s390x as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", }, product_reference: "runc-1.0.2-23.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.aarch64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", }, product_reference: "containerd-1.4.11-56.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.11-56.1.x86_64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", }, product_reference: 
"containerd-1.4.11-56.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.aarch64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", }, product_reference: "docker-20.10.9_ce-156.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.9_ce-156.1.x86_64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", }, product_reference: "docker-20.10.9_ce-156.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.9_ce-156.1.noarch as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", }, product_reference: "docker-bash-completion-20.10.9_ce-156.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.aarch64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", }, product_reference: "runc-1.0.2-23.1.aarch64", 
relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "runc-1.0.2-23.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", }, product_reference: "runc-1.0.2-23.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, ], }, vulnerabilities: [ { cve: "CVE-2021-30465", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30465", }, ], notes: [ { category: "general", text: "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 
SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux 
Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", 
"SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 
SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for 
SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30465", url: "https://www.suse.com/security/cve/CVE-2021-30465", }, { category: "external", summary: "SUSE Bug 1185405 for CVE-2021-30465", url: "https://bugzilla.suse.com/1185405", }, { category: "external", summary: "SUSE Bug 1189161 for CVE-2021-30465", url: "https://bugzilla.suse.com/1189161", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", 
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", 
"SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 
SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 
15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE 
Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 
SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 
SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 
SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:55Z", details: "important", }, ], title: "CVE-2021-30465", }, { cve: "CVE-2021-32760", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32760", }, ], notes: [ { category: "general", text: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. 
As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 
SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", 
"SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 
15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32760", url: "https://www.suse.com/security/cve/CVE-2021-32760", }, { category: "external", summary: "SUSE Bug 1188282 for CVE-2021-32760", url: "https://bugzilla.suse.com/1188282", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", 
product_ids: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High 
Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", 
"SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 
SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise 
High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 
5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 
SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 
15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 
for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:55Z", details: "low", }, ], title: "CVE-2021-32760", }, { cve: "CVE-2021-41089", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41089", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. 
Running containers do not need to be restarted.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 
SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise 
Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 
15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41089", url: "https://www.suse.com/security/cve/CVE-2021-41089", }, { category: "external", summary: "SUSE Bug 1191015 for CVE-2021-41089", url: "https://bugzilla.suse.com/1191015", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41089", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 
6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 
15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module 
for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise 
Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.6, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE 
Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE 
Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 
SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 
SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE 
Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:55Z", details: "moderate", }, ], title: "CVE-2021-41089", }, { cve: "CVE-2021-41091", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41091", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. 
Limit access to host volumes to trusted containers.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 
SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise 
Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 
15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41091", url: "https://www.suse.com/security/cve/CVE-2021-41091", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41091", url: "https://bugzilla.suse.com/1191355", }, { category: "external", summary: "SUSE Bug 1191434 for CVE-2021-41091", url: "https://bugzilla.suse.com/1191434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 
6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 
15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module 
for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise 
Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE 
Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE 
Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 
SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 
SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE 
Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:55Z", details: "moderate", }, ], title: "CVE-2021-41091", }, { cve: "CVE-2021-41092", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41092", }, ], notes: [ { category: "general", text: "Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. 
For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 
15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE 
Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 
SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 
15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41092", url: "https://www.suse.com/security/cve/CVE-2021-41092", }, { category: "external", summary: "SUSE Bug 1191334 for CVE-2021-41092", url: "https://bugzilla.suse.com/1191334", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41092", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 
6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 
15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise 
Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux 
Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP 
Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 
SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 
5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 
SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 
15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 
for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:55Z", details: "moderate", }, ], title: "CVE-2021-41092", }, { cve: "CVE-2021-41103", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41103", }, ], notes: [ { category: "general", text: "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. 
Update directory permission on container bundles directories.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE 
Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 
SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise 
Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 
15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41103", url: "https://www.suse.com/security/cve/CVE-2021-41103", }, { category: "external", summary: "SUSE Bug 1191121 for CVE-2021-41103", url: "https://bugzilla.suse.com/1191121", }, { category: "external", summary: "SUSE Bug 1191355 for CVE-2021-41103", url: "https://bugzilla.suse.com/1191355", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 
6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 
15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module 
for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise 
Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.4.11-56.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.9_ce-156.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 6:runc-1.0.2-23.1.x86_64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.aarch64", "SUSE Enterprise Storage 7:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.aarch64", "SUSE 
Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.aarch64", "SUSE 
Linux Enterprise Micro 5.0:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.0:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Micro 5.1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP2:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP2:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 
SP3:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-BCL:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15 
SP1-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.aarch64", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:runc-1.0.2-23.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.4.11-56.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.ppc64le", "SUSE 
Linux Enterprise Server for SAP Applications 15:docker-20.10.9_ce-156.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.9_ce-156.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:runc-1.0.2-23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-10-25T08:20:55Z", details: "moderate", }, ], title: "CVE-2021-41103", }, ], }
gsd-2021-32760
Vulnerability from gsd
{ GSD: { alias: "CVE-2021-32760", description: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", id: "GSD-2021-32760", references: [ "https://www.suse.com/security/cve/CVE-2021-32760.html", "https://ubuntu.com/security/CVE-2021-32760", "https://advisories.mageia.org/CVE-2021-32760.html", "https://security.archlinux.org/CVE-2021-32760", "https://alas.aws.amazon.com/cve/html/CVE-2021-32760.html", "https://linux.oracle.com/cve/CVE-2021-32760.html", "https://access.redhat.com/errata/RHSA-2022:2183", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-32760", ], details: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. 
This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", id: "GSD-2021-32760", modified: "2023-12-13T01:23:08.765994Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32760", STATE: "PUBLIC", TITLE: "Archive package allows chmod of file outside of unpack target directory", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "containerd", version: { version_data: [ { version_value: "<= 1.4.7", }, { version_value: ">= 1.5.0, <= 1.5.3", }, ], }, }, ], }, vendor_name: "containerd", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. 
Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-668: Exposure of Resource to Wrong Sphere", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w", refsource: "CONFIRM", url: "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.4.8", refsource: "MISC", url: "https://github.com/containerd/containerd/releases/tag/v1.4.8", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.5.4", refsource: "MISC", url: "https://github.com/containerd/containerd/releases/tag/v1.5.4", }, { name: "FEDORA-2021-53ce601cb0", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/", }, { name: "GLSA-202401-31", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202401-31", }, ], }, source: { advisory: "GHSA-c72p-9xmj-rx3w", discovery: "UNKNOWN", }, }, "gitlab.com": { advisories: [ { affected_range: "<1.4.8||>=1.5.0 <1.5.4", affected_versions: "All versions before 1.4.8, all versions starting from 1.5.0 before 1.5.4", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", cwe_ids: [ "CWE-1035", "CWE-732", "CWE-937", ], date: "2022-10-25", description: "containerd is a 
container runtime. A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", fixed_versions: [ "1.4.8", "1.5.4", ], identifier: "CVE-2021-32760", identifiers: [ "CVE-2021-32760", "GHSA-c72p-9xmj-rx3w", ], not_impacted: "", package_slug: "go/github.com/containerd/containerd", pubdate: "2021-07-19", solution: "Upgrade to versions 1.4.8, 1.5.4 or above.", title: "Exposure of Resource to Wrong Sphere", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2021-32760", ], uuid: "c6818119-f69c-4813-a5c9-8b6d45213ad0", }, ], }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "B80F3640-4786-43D6-B222-FBE9A98B86D8", versionEndExcluding: "1.4.8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "B29F81BF-E74A-4C4E-ADEE-7A70AA58A9DC", versionEndExcluding: "1.5.4", versionStartIncluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "containerd is a container runtime. 
A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.", }, { lang: "es", value: "containerd es un tiempo de ejecución de contenedores. Se ha encontrado un bug en las versiones de containerd anteriores a 1.4.8 y la 1.5.4, donde tirando y extrayendo una imagen de contenedor especialmente diseñada puede resultar en cambios en los permisos de archivos Unix para los archivos existentes en el sistema de archivos del host. Los cambios en los permisos de los archivos pueden denegar el acceso al propietario esperado del archivo, ampliar el acceso a otros, o establecer bits extendidos como setuid, setgid y sticky. Este bug no permite directamente la lectura, modificación o ejecución de archivos sin un proceso adicional de cooperación. Este bug ha sido corregido en containerd versiones 1.5.4 y 1.4.8. Como solución, asegúrese de que los usuarios sólo obtienen imágenes de fuentes de confianza. 
Los módulos de seguridad de Linux (LSM) como SELinux y AppArmor pueden limitar los archivos potencialmente afectados por este bug mediante políticas y perfiles que impiden que containerd interactúe con archivos específicos", }, ], id: "CVE-2021-32760", lastModified: "2024-01-31T13:15:08.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.4, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2021-07-19T21:15:07.857", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.4.8", }, { source: 
"security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.4", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/", }, { source: "security-advisories@github.com", url: "https://security.gentoo.org/glsa/202401-31", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }, }, }, }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.