Anolis OS update for container-tools:2.0 module



| Updated: 2025-03-28
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-27649
CVE-2022-27651
CWE-ID CWE-264
CWE-276
Exploitation vector Network
Public exploit N/A
Vulnerable software
Anolis OS
Operating systems & Components / Operating system

podman-docker
Operating systems & Components / Operating system package or component

runc
Operating systems & Components / Operating system package or component

podman-tests
Operating systems & Components / Operating system package or component

podman-remote
Operating systems & Components / Operating system package or component

podman
Operating systems & Components / Operating system package or component

buildah-tests
Operating systems & Components / Operating system package or component

buildah
Operating systems & Components / Operating system package or component

container-selinux
Operating systems & Components / Operating system package or component

cockpit-podman
Operating systems & Components / Operating system package or component

skopeo-tests
Operating systems & Components / Operating system package or component

skopeo
Operating systems & Components / Operating system package or component

fuse-overlayfs
Operating systems & Components / Operating system package or component

containers-common
Operating systems & Components / Operating system package or component

conmon
Operating systems & Components / Operating system package or component

udica
Operating systems & Components / Operating system package or component

toolbox
Operating systems & Components / Operating system package or component

python-podman-api
Operating systems & Components / Operating system package or component

slirp4netns
Operating systems & Components / Operating system package or component

python3-criu
Operating systems & Components / Operating system package or component

criu
Operating systems & Components / Operating system package or component

crit
Operating systems & Components / Operating system package or component

containernetworking-plugins
Operating systems & Components / Operating system package or component

Vendor OpenAnolis

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61829

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27649

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to excess inheritable capabilities set, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

podman-docker: before 1.6.4-28

runc: before 1.0.0-66.rc10

podman-tests: before 1.6.4-28

podman-remote: before 1.6.4-28

podman: before 1.6.4-28

buildah-tests: before 1.11.6-10

buildah: before 1.11.6-10

container-selinux: before 2.130.0-1

cockpit-podman: before 11-1

skopeo-tests: before 0.1.41-4

skopeo: before 0.1.41-4

fuse-overlayfs: before 0.7.8-1

containers-common: before 0.1.41-4

conmon: before 2.0.15-1

udica: before 0.2.1-2

toolbox: before 0.0.7-1

python-podman-api: before 1.2.0-0.2.gitd0a45fe

slirp4netns: before 0.4.2-3.git21fdece

python3-criu: before 3.12-9

criu: before 3.12-9

crit: before 3.12-9

containernetworking-plugins: before 0.8.3-4

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2022:0116


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect default permissions

EUVDB-ID: #VU61797

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27651

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A remote attacker can view contents of files and directories or modify them.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

podman-docker: before 1.6.4-28

runc: before 1.0.0-66.rc10

podman-tests: before 1.6.4-28

podman-remote: before 1.6.4-28

podman: before 1.6.4-28

buildah-tests: before 1.11.6-10

buildah: before 1.11.6-10

container-selinux: before 2.130.0-1

cockpit-podman: before 11-1

skopeo-tests: before 0.1.41-4

skopeo: before 0.1.41-4

fuse-overlayfs: before 0.7.8-1

containers-common: before 0.1.41-4

conmon: before 2.0.15-1

udica: before 0.2.1-2

toolbox: before 0.0.7-1

python-podman-api: before 1.2.0-0.2.gitd0a45fe

slirp4netns: before 0.4.2-3.git21fdece

python3-criu: before 3.12-9

criu: before 3.12-9

crit: before 3.12-9

containernetworking-plugins: before 0.8.3-4

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2022:0116


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###