Control: tags -1 + confirmed

On Sun, 2021-12-05 at 00:01 +0800, Shengjing Zhu wrote:
> Backport 3 CVE patches.
>
> + CVE-2021-41089: Create parent directories inside a chroot during docker
>   cp to prevent a specially crafted container from changing permissions of
>   existing files in the host’s filesystem.
> + CVE-2021-41091: Lock down file permissions to prevent unprivileged users
>   from discovering and executing programs in /var/lib/docker.
> + CVE-2021-41092: Ensure default auth config has address field set, to
>   prevent credentials being sent to the default registry. (Closes:
>   #998292)
>
> And backport 1 patch to run container which
> uses "clone3" syscall (for example glibc 2.34)
>

Please go ahead.

Regards,

Adam