Sicherheit: Mangelnde Prüfung von Umgebungsvariablen in crun
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Umgebungsvariablen in crun
ID: FEDORA-2020-7b6058fec9
Distribution: Fedora
Plattformen: Fedora 33
Datum: Di, 6. Oktober 2020, 06:11
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14370
Applikationen: crun


Fedora Update Notification
2020-10-06 00:14:55.971279

Name : crun
Product : Fedora 33
Version : 0.15
Release : 5.fc33
URL : https://github.com/containers/crun
Summary : OCI runtime written in C
Description :
crun is a runtime for running OCI containers

Update Information:

autobuilt v2.1.0, Security fix for CVE-2020-14370 ---- correct release tag
on account of prior faulty build_tag macro ---- Add back in capability
SYS_CHROOT. ---- Remove fchmodat2 from seccomp filters, since it is not in
upstream kernel yet. ---- Remove dangerous capabilities by default. ----
Autobuilt v1.1.1

* Wed Sep 30 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0.15-5
- rebuild to bump release tag ahead of older fedoras
* Wed Sep 30 2020 Giuseppe Scrivano <gscrivan@redhat.com> - 0.15-4
- backport "exec: check read bytes from sync"

[ 1 ] Bug #1874268 - CVE-2020-14370 podman: environment variables leak
between containers when started via Varlink or Docker-compatible REST API

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-7b6058fec9' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten