Oval Definition:oval:org.opensuse.security:def:202229162
Revision Date:2023-06-22
Version:1
Title:CVE-2022-29162
Description:

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
Family:unix
Class:vulnerability
Status:
Reference(s):
Mitre CVE-2022-29162
SUSE CVE-2022-29162
SUSE-SU-2022:2165-1
SUSE-IU-2022:760-1
SUSE-IU-2022:761-1
SUSE-IU-2022:763-1
SUSE-IU-2022:814-1
SUSE-IU-2022:817-1
SUSE-IU-2022:836-1
SUSE-IU-2022:853-1
SUSE-IU-2022:859-1
SUSE-IU-2022:878-1
SUSE-IU-2022:953-1
SUSE-IU-2022:954-1
SUSE-IU-2022:955-1
SUSE-SU-2022:2341-1
SUSE-SU-2022:3321-1
SUSE-SU-2022:3333-1
Platform(s):
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
Image SLES15-SP4-Manager-Server-4-3-BYOS
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
openSUSE Tumbleweed
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Containers 15 SP3
SUSE Linux Enterprise Module for Containers 15 SP4
SUSE Linux Enterprise Module for Containers 15 SP5
SUSE Linux Enterprise Server 15 SP2-BCL
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.3 is installed
  • AND Package Information
  • kubevirt-manifests is affected
  • OR kubevirt-virtctl is affected
  • Definition Synopsis
  • Release Information
  • SUSE CaaS Platform 4.0 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND runc is affected
  • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND runc is affected
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND runc is affected
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Containers 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND runc is affected
  • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND runc-1.1.2-1.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.0 is installed
  • AND runc is affected
  • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.1 is installed
  • AND Package Information
  • containerd-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.2 is installed
  • AND Package Information
  • containerd-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Enterprise Storage 7 is installed
  • OR SUSE Enterprise Storage 7.1 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Containers 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND runc is affected
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Containers 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND Package Information
  • containerd-1.6.6-150000.73.2 is installed
  • OR containerd-ctr-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR docker-bash-completion-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Containers 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND
  • containerd-1.6.6-150000.73.2 is installed
  • OR containerd-ctr-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR docker-bash-completion-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • OR Package Information
  • Image SLES15-SP4-Manager-Proxy-4-3-BYOS is installed
  • OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure is installed
  • OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 is installed
  • OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE is installed
  • OR Image SLES15-SP4-Manager-Server-4-3-BYOS is installed
  • OR Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure is installed
  • OR Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 is installed
  • OR Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE is installed
  • AND
  • containerd-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 15 SP2-LTSS is installed
  • AND
  • containerd-1.6.6-150000.73.2 is installed
  • OR containerd-ctr-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR docker-bash-completion-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 15 SP2-BCL is installed
  • AND
  • containerd-1.6.6-150000.73.2 is installed
  • OR containerd-ctr-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR docker-bash-completion-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS is installed
  • AND
  • containerd-1.6.6-150000.73.2 is installed
  • OR containerd-ctr-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR docker-bash-completion-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND
  • containerd-1.6.6-150000.73.2 is installed
  • OR containerd-ctr-1.6.6-150000.73.2 is installed
  • OR docker-20.10.17_ce-150000.166.1 is installed
  • OR docker-bash-completion-20.10.17_ce-150000.166.1 is installed
  • OR runc-1.1.3-150000.30.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Containers 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • kubevirt-manifests-0.58.0-150500.6.3 is installed
  • OR kubevirt-virtctl-0.58.0-150500.6.3 is installed
  • OR runc-1.1.5-150000.41.1 is installed