important: neod security update
important
An update for neod is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
neod:
Security Fix(es):
neod: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. (CVE-2020-0601)
neod: A flaw was found in the containerd CRI plugin. Containers launched through containerd's CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data confidentiality. (CVE-2021-21334)
neod: A flaw was found in the containerd package. Containerd could allow a local authenticated attacker to traverse directories on the system, due to improperly restricted permissions on the container root and plugin directories. This issue could allow an attacker to send a specially-crafted request containing "dot dot" sequences (/../) to view directory contents and execute programs. (CVE-2021-41103)
neod: An information leak was discovered in containerd. This issue could allow a remote attacker access to read-only copies of arbitrary files and directories on the host, which can be exploited with a specially-crafted image configuration. (CVE-2022-23648)
neod: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.03B7.