Msrc Cbl2 Cri-O 1.21.7-2 On Cbl Mariner 2.0 vulnerabilities

CVE-2023-42821 [HIGH] CWE-125 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2022-2995 [HIGH] CWE-732 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affect Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permiss

CVE-2021-3602 [MEDIUM] CWE-212 An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variabl An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in