Source: crun
Version: 0.17+dfsg-1.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.17+dfsg-1

Hi,

The following vulnerability was published for crun.

CVE-2022-27650[0]:
| A flaw was found in crun where containers were incorrectly started
| with non-empty default permissions. A vulnerability was found in Moby
| (Docker Engine) where containers were started incorrectly with
| non-empty inheritable Linux process capabilities. This flaw allows an
| attacker with access to programs with inheritable file capabilities to
| elevate those capabilities to the permitted set when execve(2) runs.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-27650
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27650
[1] https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562

Regards,
Salvatore
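
Added example, not part of the bug report and not crun code: a check for the condition the CVE text describes, reading the CapInh line of /proc/<pid>/status and applying the execve(2) rule from capabilities(7) for a non-root process. The function names and the sample mask are assumptions constructed for illustration.

```python
import re

CAP_NET_RAW = 1 << 13  # CAP_NET_RAW is capability number 13

def make_status(inh, bnd):
    """Build constructed /proc/<pid>/status capability lines (unprivileged process)."""
    fields = (("CapInh", inh), ("CapPrm", 0), ("CapEff", 0),
              ("CapBnd", bnd), ("CapAmb", 0))
    return "".join(f"{name}:\t{value:016x}\n" for name, value in fields)

# Constructed samples: same bounding set, inheritable set non-empty vs. empty.
SAMPLE_MASK = 0x00000000A80425FB
AFFECTED = make_status(inh=SAMPLE_MASK, bnd=SAMPLE_MASK)
FIXED = make_status(inh=0, bnd=SAMPLE_MASK)

def parse_caps(status_text):
    """Return the Cap* bitmasks from /proc/<pid>/status text as integers."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def has_nonempty_inheritable(status_text):
    """True when the process carries any inheritable capability."""
    return parse_caps(status_text)["CapInh"] != 0

def permitted_after_execve(proc, file_inh=0, file_prm=0):
    """Permitted set after a non-root execve(2), per capabilities(7):
    P'(prm) = (P(inh) & F(inh)) | (F(prm) & P(bnd)) | P'(amb).
    A file that carries file capabilities clears the ambient set.
    """
    ambient = 0 if (file_inh or file_prm) else proc["CapAmb"]
    return (proc["CapInh"] & file_inh) | (file_prm & proc["CapBnd"]) | ambient

if __name__ == "__main__":
    for label, text in (("affected", AFFECTED), ("fixed", FIXED)):
        caps = parse_caps(text)
        gained = permitted_after_execve(caps, file_inh=CAP_NET_RAW)
        print(f"{label}: CapInh={caps['CapInh']:016x} "
              f"permitted after exec of a +i cap_net_raw file={gained:016x}")
```

Against a live container, pass the contents of /proc/1/status (read inside the container) to has_nonempty_inheritable(); a fixed runtime starts the process with an all-zero CapInh.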