CBL Mariner 2.0 Security Update: moby-runc / kubevirt / kubernetes / cri-tools (CVE-2024-21626M)

high Nessus Plugin ID 191097

Synopsis

The remote CBL Mariner host is missing one or more security updates.

Description

The version of moby-runc / kubevirt / kubernetes / cri-tools installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21626M advisory.

- NIST NVD Details (CVE-2024-21626M)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2024-21626

Plugin Details

Severity: High

ID: 191097

File Name: mariner_moby-runc_kubevirt_kubernetes_cri-tools_CVE-2024-21626M.nasl

Version: 1.0

Type: local

Published: 2/28/2024

Updated: 2/28/2024

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:microsoft:cbl-mariner:cri-tools, p-cpe:/a:microsoft:cbl-mariner:kubernetes, p-cpe:/a:microsoft:cbl-mariner:kubernetes-client, p-cpe:/a:microsoft:cbl-mariner:kubernetes-kube-apiserver, p-cpe:/a:microsoft:cbl-mariner:kubernetes-kube-controller-manager, p-cpe:/a:microsoft:cbl-mariner:kubernetes-kube-proxy, p-cpe:/a:microsoft:cbl-mariner:kubernetes-kube-scheduler, p-cpe:/a:microsoft:cbl-mariner:kubernetes-kubeadm, p-cpe:/a:microsoft:cbl-mariner:kubernetes-pause, p-cpe:/a:microsoft:cbl-mariner:kubevirt-container-disk, p-cpe:/a:microsoft:cbl-mariner:kubevirt-tests, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-api, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-controller, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-handler, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-launcher, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-operator, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virtctl, p-cpe:/a:microsoft:cbl-mariner:moby-runc, p-cpe:/a:microsoft:cbl-mariner:moby-runc-debuginfo, x-cpe:/o:microsoft:cbl-mariner

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/CBLMariner/release, Host/CBLMariner/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/13/2024

Vulnerability Publication Date: 2/13/2024