You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa crun

Sigurnosni nedostatak programskog paketa crun

——————————————————————————–
Fedora Update Notification
FEDORA-2020-7b6058fec9
2020-10-06 00:14:55.971279
——————————————————————————–

Name : crun
Product : Fedora 33
Version : 0.15
Release : 5.fc33
URL : https://github.com/containers/crun
Summary : OCI runtime written in C
Description :
crun is a runtime for running OCI containers

——————————————————————————–
Update Information:

autobuilt v2.1.0, Security fix for CVE-2020-14370 —- correct release tag
on account of prior faulty build_tag macro —- Add back in capability
SYS_CHROOT. —- Remove fchmodat2 from seccomp filters, since it is not in
upstream kernel yet. —- Remove dangerous capabilities by default. —-
Autobuilt v1.1.1
——————————————————————————–
ChangeLog:

* Wed Sep 30 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> – 0.15-5
– rebuild to bump release tag ahead of older fedoras
* Wed Sep 30 2020 Giuseppe Scrivano <gscrivan@redhat.com> – 0.15-4
– backport “exec: check read bytes from sync”
——————————————————————————–
References:

[ 1 ] Bug #1874268 – CVE-2020-14370 podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API
https://bugzilla.redhat.com/show_bug.cgi?id=1874268
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-7b6058fec9’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libproxy

Otkriven je sigurnosni nedostatak programske biblioteke libproxy za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje...

Close