Main Vulnerability Database SB20220615121

SB20220615121 - Anolis OS update for container-tools:3.0 module

Published: June 15, 2022 Updated: March 28, 2025

Security Bulletin ID SB20220615121

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2022-1227)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper privilege management when running podman top on a container made from a maliciously-crafted image and using a user namespace. An attacker with full access to the container can execute arbitrary code in the host context.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2022:0441

Vulnerable Software

Anolis OS: 8
podman-docker: before 3.0.1-9
container-selinux: before 2.178.0-2
podman-tests: before 3.0.1-9
podman-remote: before 3.0.1-9
podman-plugins: before 3.0.1-9
podman-catatonit: before 3.0.1-9
podman: before 3.0.1-9
crun: before 0.18-3
buildah-tests: before 1.19.9-3
buildah: before 1.19.9-3
toolbox-tests: before 0.0.99.3-1
toolbox: before 0.0.99.3-1
skopeo-tests: before 1.2.4-1
skopeo: before 1.2.4-1
runc: before 1.0.0-73.rc95
oci-seccomp-bpf-hook: before 1.2.0-3
containers-common: before 1.2.4-1
fuse-overlayfs: before 1.4.0-2
conmon: before 2.0.26-1
udica: before 0.2.4-1
cockpit-podman: before 29-2
slirp4netns: before 1.1.8-1
python3-criu: before 3.15-1
libslirp-devel: before 4.3.1-1
libslirp: before 4.3.1-1
criu: before 3.15-1
crit: before 3.15-1
containernetworking-plugins: before 0.9.1-1

SB20220615121 - Anolis OS update for container-tools:3.0 module

Breakdown by Severity

Description

Remediation

References

Please verify you're human