CVE-2022-0811: A flaw introduced in CRI-O version 1.19 which an attacker can use to bypass the safeguards and set arbitrary kernel parameters on the host. As a result, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the “kernel.core_pattern” kernel parameter to achieve container escape and arbitrary code execution as root on any node in the cluster. Please bump to 1.23.2.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1686e3c35d110a4979eba666acb3d3a2ba412e7f

commit 1686e3c35d110a4979eba666acb3d3a2ba412e7f
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-03-16 00:21:01 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-03-16 00:21:07 +0000

    app-containers/cri-o: remove vulnerable version

    Bug: https://bugs.gentoo.org/835336
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/cri-o/Manifest | 1 -
 app-containers/cri-o/cri-o-1.23.1.ebuild | 2157 ------------------------------
 2 files changed, 2158 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b335fc22c74436109ccd7fc04327797c4735bfe

commit 2b335fc22c74436109ccd7fc04327797c4735bfe
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-03-16 00:19:32 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-03-16 00:19:41 +0000

    app-containers/cri-o: add 1.23.2

    Bug: https://bugs.gentoo.org/835336
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/cri-o/Manifest | 1 +
 app-containers/cri-o/cri-o-1.23.2.ebuild | 2157 ++++++++++++++++++++++++++++++
 2 files changed, 2158 insertions(+)
Thanks! All done.