drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen von Code mit höheren Privilegien in Apptainer
Name: |
Ausführen von Code mit höheren Privilegien in Apptainer |
|
ID: |
202311-13 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
So, 26. November 2023, 00:17 |
|
Referenzen: |
https://nvd.nist.gov/vuln/detail/CVE-2023-30549 |
|
Applikationen: |
Apptainer |
|
Originalnachricht |
--===============4581380655311239346== Content-Type: text/plain; charset="utf-8"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202311-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High Title: Apptainer: Privilege Escalation Date: November 25, 2023 Bugs: #905091 ID: 202311-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
A privilege escalation vulnerability has been discoverd in Apptainer.
Background ==========
Apptainer is the container system for secure high-performance computing.
Affected packages =================
Package Vulnerable Unaffected ------------------------ ------------ ------------ app-containers/apptainer < 1.1.8 >= 1.1.8
Description ===========
A vulnerability has been discovered in Apptainer. Please review the CVE identifier referenced below for details.
Impact ======
There is an ext4 use-after-free flaw that is exploitable in vulnerable versions.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Apptainer users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.8"
References ==========
[ 1 ] CVE-2023-30549 https://nvd.nist.gov/vuln/detail/CVE-2023-30549
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202311-13
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 --===============4581380655311239346== Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmVh0PgACgkQFMQkOaVy +9motg//RTETZ7k+q+27jV+9KsCa84CAfmxywKyL9KmqgV6c45EecRG4LfhAD+jq sgQvT8NihBsW2VuY48CPS744WKtB+aBztWYMSUyytIO7OopTTJwPYPhQZcjiI3b0 hk/ER3coUl1qwoom8cMxA2nk+EmoHVB3UWFNxjJkje7bkPbhZAsPwj1R7U/yThuW 3GmnB35+wTiZu5wEnqOvVgWonTeZOULlbEeQ7AyIlybNDkT/LJ89yOGMlsZ2MRx8 XCv/kwEeP/bseGVi6o/dJuRr4H5T4r+93MDAPQxSP8R2sevRhx0I5SDRoumJZsl+ Ii5F/WY+zOsLL0FdIpFWIY1uGdRYHstgA3o/CXr37LBbMV130NnwpZuSdWLE3y9I 3lG7eB5BDuv98uMMK722U2F/N8Ua4W/UQ5EhY4sB5gsAe+b7GpMA0wPh6oV5dqFi Qy+e6cs54rZwOlbQYQNiE3pRsuxygSPH7qmFiGmIIw+XViWpdLZkq95KsX0swkf2 hr4rehMAY+DeHtNKzcB1FkGiN+e3vdMLDy/hg9sSfJ9tluo0dAoJzDsMEk/TGJ4n /L9LgYjFO4O0tfDldmcF1kZYfy/wsmJ3HDGLzR1TXqqEwxnD3mL82CBkBoVr5NyJ 3gNfcwbHY4VvM32QcUoMK4Mp15WMe1Bw06brTrFqPM+Z2GpuMNA= =cgDG -----END PGP SIGNATURE-----
--===============4581380655311239346==--
|
|
|
|