Anolis OS update for container-tools:an8 module



Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2024-9341
CVE-2024-9407
CVE-2024-9675
CWE-ID CWE-20
CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
Anolis OS
Operating systems & Components / Operating system

python3-podman
Operating systems & Components / Operating system package or component

podman-docker
Operating systems & Components / Operating system package or component

skopeo-tests
Operating systems & Components / Operating system package or component

skopeo
Operating systems & Components / Operating system package or component

runc
Operating systems & Components / Operating system package or component

podman-tests
Operating systems & Components / Operating system package or component

podman-remote
Operating systems & Components / Operating system package or component

podman-plugins
Operating systems & Components / Operating system package or component

podman-gvproxy
Operating systems & Components / Operating system package or component

podman-catatonit
Operating systems & Components / Operating system package or component

podman
Operating systems & Components / Operating system package or component

containers-common
Operating systems & Components / Operating system package or component

containernetworking-plugins
Operating systems & Components / Operating system package or component

buildah-tests
Operating systems & Components / Operating system package or component

buildah
Operating systems & Components / Operating system package or component

aardvark-dns
Operating systems & Components / Operating system package or component

udica
Operating systems & Components / Operating system package or component

container-selinux
Operating systems & Components / Operating system package or component

cockpit-podman
Operating systems & Components / Operating system package or component

toolbox-tests
Operating systems & Components / Operating system package or component

toolbox
Operating systems & Components / Operating system package or component

slirp4netns
Operating systems & Components / Operating system package or component

python3-criu
Operating systems & Components / Operating system package or component

oci-seccomp-bpf-hook
Operating systems & Components / Operating system package or component

netavark
Operating systems & Components / Operating system package or component

libslirp-devel
Operating systems & Components / Operating system package or component

libslirp
Operating systems & Components / Operating system package or component

fuse-overlayfs
Operating systems & Components / Operating system package or component

crun
Operating systems & Components / Operating system package or component

criu-libs
Operating systems & Components / Operating system package or component

criu-devel
Operating systems & Components / Operating system package or component

criu
Operating systems & Components / Operating system package or component

crit
Operating systems & Components / Operating system package or component

conmon
Operating systems & Components / Operating system package or component

Vendor OpenAnolis

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU98141

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-9341

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-podman: before 4.9.0-2

podman-docker: before 4.9.4-15.0.1

skopeo-tests: before 1.14.5-3.0.1

skopeo: before 1.14.5-3.0.1

runc: before 1.1.12-5.0.1

podman-tests: before 4.9.4-15.0.1

podman-remote: before 4.9.4-15.0.1

podman-plugins: before 4.9.4-15.0.1

podman-gvproxy: before 4.9.4-15.0.1

podman-catatonit: before 4.9.4-15.0.1

podman: before 4.9.4-15.0.1

containers-common: before 1-82.0.1

containernetworking-plugins: before 1.4.0-5.0.1

buildah-tests: before 1.33.10-1

buildah: before 1.33.10-1

aardvark-dns: before 1.10.1-2.0.1

udica: before 0.2.6-21

container-selinux: before 2.229.0-2

cockpit-podman: before 84.1-1

toolbox-tests: before 0.0.99.5-2.0.1

toolbox: before 0.0.99.5-2.0.1

slirp4netns: before 1.2.3-1

python3-criu: before 3.18-5.0.1

oci-seccomp-bpf-hook: before 1.2.10-1

netavark: before 1.10.3-1.0.1

libslirp-devel: before 4.4.0-2

libslirp: before 4.4.0-2

fuse-overlayfs: before 1.13-1.0.1

crun: before 1.14.3-2

criu-libs: before 3.18-5.0.1

criu-devel: before 3.18-5.0.1

criu: before 3.18-5.0.1

crit: before 3.18-5.0.1

conmon: before 2.1.10-1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1036


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU98140

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-9407

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files.

Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-podman: before 4.9.0-2

podman-docker: before 4.9.4-15.0.1

skopeo-tests: before 1.14.5-3.0.1

skopeo: before 1.14.5-3.0.1

runc: before 1.1.12-5.0.1

podman-tests: before 4.9.4-15.0.1

podman-remote: before 4.9.4-15.0.1

podman-plugins: before 4.9.4-15.0.1

podman-gvproxy: before 4.9.4-15.0.1

podman-catatonit: before 4.9.4-15.0.1

podman: before 4.9.4-15.0.1

containers-common: before 1-82.0.1

containernetworking-plugins: before 1.4.0-5.0.1

buildah-tests: before 1.33.10-1

buildah: before 1.33.10-1

aardvark-dns: before 1.10.1-2.0.1

udica: before 0.2.6-21

container-selinux: before 2.229.0-2

cockpit-podman: before 84.1-1

toolbox-tests: before 0.0.99.5-2.0.1

toolbox: before 0.0.99.5-2.0.1

slirp4netns: before 1.2.3-1

python3-criu: before 3.18-5.0.1

oci-seccomp-bpf-hook: before 1.2.10-1

netavark: before 1.10.3-1.0.1

libslirp-devel: before 4.4.0-2

libslirp: before 4.4.0-2

fuse-overlayfs: before 1.13-1.0.1

crun: before 1.14.3-2

criu-libs: before 3.18-5.0.1

criu-devel: before 3.18-5.0.1

criu: before 3.18-5.0.1

crit: before 3.18-5.0.1

conmon: before 2.1.10-1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1036


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Path traversal

EUVDB-ID: #VU98828

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-9675

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences in cache mounts. A local user can execute a 'RUN' instruction in a Container file to mount an arbitrary directory from the host into the container as long as those files can be accessed by the user running Buildah.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-podman: before 4.9.0-2

podman-docker: before 4.9.4-15.0.1

skopeo-tests: before 1.14.5-3.0.1

skopeo: before 1.14.5-3.0.1

runc: before 1.1.12-5.0.1

podman-tests: before 4.9.4-15.0.1

podman-remote: before 4.9.4-15.0.1

podman-plugins: before 4.9.4-15.0.1

podman-gvproxy: before 4.9.4-15.0.1

podman-catatonit: before 4.9.4-15.0.1

podman: before 4.9.4-15.0.1

containers-common: before 1-82.0.1

containernetworking-plugins: before 1.4.0-5.0.1

buildah-tests: before 1.33.10-1

buildah: before 1.33.10-1

aardvark-dns: before 1.10.1-2.0.1

udica: before 0.2.6-21

container-selinux: before 2.229.0-2

cockpit-podman: before 84.1-1

toolbox-tests: before 0.0.99.5-2.0.1

toolbox: before 0.0.99.5-2.0.1

slirp4netns: before 1.2.3-1

python3-criu: before 3.18-5.0.1

oci-seccomp-bpf-hook: before 1.2.10-1

netavark: before 1.10.3-1.0.1

libslirp-devel: before 4.4.0-2

libslirp: before 4.4.0-2

fuse-overlayfs: before 1.13-1.0.1

crun: before 1.14.3-2

criu-libs: before 3.18-5.0.1

criu-devel: before 3.18-5.0.1

criu: before 3.18-5.0.1

crit: before 3.18-5.0.1

conmon: before 2.1.10-1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1036


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###