SUSE Linux Micro 6.1 users: Secure your systems now! Official patch resolves CVE-2024-45310 vulnerability in runc (CVSS 3.6), preventing host file manipulation. Includes update to runc v1.2.6 with full changelog and installation instructions.
Security Advisory Overview
SUSE has released a high-priority security update for its lightweight SUSE Linux Micro 6.1 platform, addressing a moderate-risk vulnerability (CVE-2024-45310) in the runc container runtime.
This vulnerability could allow attackers to create empty files or directories on the host system (bsc#1230092).
Key Updates Included
Upgrade to runc v1.2.6 (stable) with full upstream changelog: GitHub Release Notes
Additional fixes from runc v1.2.0-rc.3 for enhanced stability
CVSS 3.6 Score (Low Privilege/User Interaction Required)
Patch Installation Guide
Recommended Methods
For enterprise environments, SUSE recommends:
YaST Online Update (GUI)
Command Line:
zypper in -t patch SUSE-SLE-Micro-6.1-115=1
Affected Architectures
aarch64, ppc64le, s390x, x86_64
Updated Packages:
runc-1.2.6-slfo.1.1_1.1
runc-debuginfo-1.2.6-slfo.1.1_1.1
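To confirm the patch landed, compare each host's installed runc build against the version-release listed above. The script below is an added example, not part of the SUSE advisory; the hostnames and the non-fixed versions in the sample inventory are constructed, and GNU sort -V is used as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Added example: flag hosts whose runc package is older than the build
# shipped by this update.
FIXED="1.2.6-slfo.1.1_1.1"   # version-release from the "Updated Packages" list

# version_ge A B: succeeds when A sorts at or above B.
# Assumption: GNU sort -V ordering is close enough to RPM's comparison here.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# runc_status VERSION-RELEASE: prints "patched" or "needs-update".
runc_status() {
    if version_ge "$1" "$FIXED"; then
        echo patched
    else
        echo needs-update
    fi
}

# audit_inventory: reads "host version-release" lines on stdin and prints
# the hosts that are still below the fixed build.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        [ "$(runc_status "$ver")" = "patched" ] || echo "$host"
    done
}

# Constructed sample inventory (hostnames and non-fixed versions are made up).
SAMPLE='node-a 1.2.6-slfo.1.1_1.1
node-b 1.1.14-slfo.1.1_1.1
node-c 1.2.7-slfo.1.1_1.1'

# With --local, check the package installed on this host via rpm.
if [ "${1:-}" = "--local" ]; then
    runc_status "$(rpm -q --qf '%{VERSION}-%{RELEASE}' runc)"
fi
```

Run it with --local on a node after applying the patch, or pipe collected "host version-release" lines into audit_inventory to list nodes that still need the update.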
Why This Update Matters for Enterprises
Container security is critical for DevOps, cloud infrastructure, and Kubernetes deployments. This patch:
✔ Mitigates a privilege escalation vector
✔ Aligns with CIS Docker Benchmark recommendations
✔ Prevents potential supply chain attacks in containerized environments
Frequently Asked Questions
Q: Is this vulnerability exploitable remotely?
A: No. It requires local access and user interaction (CVSS:AV:L/UI:R).
Q: How does this impact Kubernetes clusters?
A: If using runc as the underlying runtime, nodes should be patched during maintenance windows.
Q: Are there workarounds if patching isn’t immediate?
A: Limit container privileges via AppArmor/SELinux profiles.
