Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 888053 (CVE-2022-4318) - <app-containers/cri-o-1.26.0: privilege escalation via /etc/passwd injection
Summary: <app-containers/cri-o-1.26.0: privilege escalation via /etc/passwd injection
Status: RESOLVED FIXED
Alias: CVE-2022-4318
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://github.com/cri-o/cri-o/releas...
Whiteboard: ~1 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-23 05:28 UTC by John Helmert III
Modified: 2022-12-24 17:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-23 05:28:07 UTC 
Despite having a CVE, I learned about this from the release notes at URL. Please bump to 1.26.0.

RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-4318
Comment 1 Larry the Git Cow gentoo-dev 2022-12-24 17:23:35 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95a2e3699d7c8b9cf23ba934aabd10c2f5c0259a

commit 95a2e3699d7c8b9cf23ba934aabd10c2f5c0259a
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-12-24 17:23:05 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-12-24 17:23:31 +0000

    app-containers/cri-o: drop 1.25.0, 1.25.1
    
    Bug: https://bugs.gentoo.org/888053
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/cri-o/Manifest            |   2 -
 app-containers/cri-o/cri-o-1.25.0.ebuild | 102 -------------------------------
 app-containers/cri-o/cri-o-1.25.1.ebuild | 102 -------------------------------
 3 files changed, 206 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef543c05d04de91446413d10a4c8141e358bb135

commit ef543c05d04de91446413d10a4c8141e358bb135
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-12-24 17:22:18 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-12-24 17:23:31 +0000

    app-containers/cri-o: add 1.26.0
    
    Bug: https://bugs.gentoo.org/888053
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-containers/cri-o/Manifest            |   1 +
 app-containers/cri-o/cri-o-1.26.0.ebuild | 102 +++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-24 17:30:10 UTC 
Thanks! All done.