Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 870937 (CVE-2022-2995)

Summary: <app-containers/cri-o-1.25.0: incorrect handling of supplementary groups
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: zmedico
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-17 18:14:37 UTC 
Patch is in 1.25.0: https://github.com/cri-o/cri-o/commit/42b58538426711eeb8a57f841dc3e2d97881f49d

Please cleanup.
Comment 1 Larry the Git Cow gentoo-dev 2022-09-18 17:12:06 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91729deddcdd7a21e48ef8ab6b3af32d6bbfb44e

commit 91729deddcdd7a21e48ef8ab6b3af32d6bbfb44e
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-09-18 17:11:29 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-09-18 17:11:44 +0000

    app-containers/cri-o: drop 1.24.1
    
    Bug: https://bugs.gentoo.org/870937
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/cri-o/Manifest            |   1 -
 app-containers/cri-o/cri-o-1.24.1.ebuild | 101 -------------------------------
 2 files changed, 102 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-18 21:01:31 UTC 
Thanks, all done!