Alpine: multiple containerd packages: security update to 1.3.3-r0

high Tenable Self-Hosted Container Security Plugin ID 426572

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to
v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads,
causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable.
Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger
this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by
default for backwards compatibility. (CVE-2019-11253)

- runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to
libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with
custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect
Docker due to an implementation detail that happens to block the attack.) (CVE-2019-19921)

- A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve
Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-
signing certificate to sign a malicious executable, making it appear the file was from a trusted,
legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. (CVE-2020-0601)

- Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before
0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed
X.509 certificate. (CVE-2020-7919)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-11253

https://security.alpinelinux.org/vuln/CVE-2019-19921

https://security.alpinelinux.org/vuln/CVE-2020-0601

https://security.alpinelinux.org/vuln/CVE-2020-7919

Plugin Details

Severity: High

ID: 426572

Version: Revision 1.8

Type: Local

Published: 5/16/2025

Updated: 12/8/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Critical

Score: 9.1

Percentile: 99.75

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2020-0601

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/27/2019

CISA Known Exploited Vulnerability Due Dates: 1/29/2020

Reference Information

CVE: CVE-2019-11253, CVE-2019-19921, CVE-2020-0601, CVE-2020-7919