Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: conmon-rs

Found 5 matching suggestions

Permalink CVE-2025-4574
created 4 months, 3 weeks ago
Crossbeam-channel: crossbeam-channel vulnerable to double free on drop

In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

Affected products

gjs
rust
firefox
librsvg2
conmon-rs
rpm-ostree
389-ds-base
thunderbird
python-maturin
rust-afterburn
kata-containers
coreos-installer
crossbeam-channel
  • <0.5.15
python3.12-maturin
rhtas/tuffer-rhel9
rhtas/tuftool-rhel9
rust-coreos-installer
389-ds:1.4/389-ds-base
rust-toolset:rhel8/rust
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
trustee-guest-components
rhoai/odh-feast-operator-rhel8
rhoai/odh-feature-server-rhel8
rhtpa/rhtpa-trustification-service-rhel9

Matching in nixpkgs

pkgs.irust

Cross Platform Rust Repl

  • nixos-unstable -

pkgs.mrustc

Mutabah's Rust Compiler

  • nixos-unstable -

pkgs.rustup

Rust toolchain installer

  • nixos-unstable -

pkgs.rustus

TUS protocol implementation in Rust

  • nixos-unstable -

pkgs.rustcat

Port listener and reverse shell

  • nixos-unstable -

pkgs.rustfmt

Tool for formatting Rust code according to style guidelines

  • nixos-unstable -

pkgs.rustdesk

Virtual / remote desktop infrastructure for everyone! Open source TeamViewer / Citrix alternative

  • nixos-unstable -

pkgs.rustical

Yet another calendar server aiming to be simple, fast and passwordless

  • nixos-unstable -

pkgs.rustscan

Faster Nmap Scanning with Rust

  • nixos-unstable -

pkgs.rustycli

Access the rust playground right in terminal

  • nixos-unstable -

pkgs.svd2rust

Generate Rust register maps (`struct`s) from SVD files

  • nixos-unstable -

pkgs.conmon-rs

OCI container runtime monitor written in Rust

  • nixos-unstable -

pkgs.hath-rust

Unofficial Hentai@Home client written in Rust

  • nixos-unstable -

pkgs.rust-motd

Beautiful, useful MOTD generation with zero runtime dependencies

  • nixos-unstable -

pkgs.rustdress

Self-hosted Lightning Address Server

  • nixos-unstable -

pkgs.rusti-cal

Minimal command line calendar, similar to cal

  • nixos-unstable -

pkgs.rustic-rs

Fast, encrypted, deduplicated backups powered by pure Rust

  • nixos-unstable -

pkgs.rustlings

Explore the Rust programming language and learn more about it while doing exercises

  • nixos-unstable -

pkgs.rusty-man

Command-line viewer for documentation generated by rustdoc

  • nixos-unstable -

pkgs.rusty-psn

Simple tool to grab updates for PS3 games, directly from Sony's servers using their updates API

  • nixos-unstable -

pkgs.rustywind

CLI for organizing Tailwind CSS classes

  • nixos-unstable -

pkgs.xulrunner

Web browser built from Firefox source tree

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

  • nixos-unstable -

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

  • nixos-unstable -

pkgs.rustfinity

CLI for Rustfinity challenges solving

  • nixos-unstable -

pkgs.rustpython

Python 3 interpreter in written Rust

  • nixos-unstable -

pkgs.rusty-bash

Bash written with Rust, a.k.a. sushi shell

  • nixos-unstable -

pkgs.rustypaste

Minimal file upload/pastebin service

  • nixos-unstable -

pkgs.slowlorust

Lightweight slowloris (HTTP DoS) tool

  • nixos-unstable -

pkgs.trustymail

Tool to scan domains and return data based on trustworthy email best practices

  • nixos-unstable -

pkgs.uncrustify

Source code beautifier for C, C++, C#, ObjectiveC, D, Java, Pawn and VALA

  • nixos-unstable -

pkgs.ff2mpv-rust

Native messaging host for ff2mpv written in Rust

  • nixos-unstable -

pkgs.rust-script

Run Rust files and expressions as scripts without any setup or compilation step

  • nixos-unstable -

pkgs.rustmission

TUI for the Transmission daemon

  • nixos-unstable -

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

  • nixos-unstable -

pkgs.rust-bindgen

Automatically generates Rust FFI bindings to C (and some C++) libraries

  • nixos-unstable -

pkgs.rust-petname

Generate human readable random names

  • nixos-unstable -

pkgs.rustc-wasm32

Safe, concurrent, practical language (wrapper script)

  • nixos-unstable -

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

  • nixos-unstable -

pkgs.i3status-rust

Very resource-friendly and feature-rich replacement for i3status

  • nixos-unstable -

pkgs.rust-cbindgen

Project for generating C bindings from Rust code

  • nixos-unstable -

pkgs.rust-parallel

Rust shell tool to run commands in parallel with a similar interface to GNU parallel

  • nixos-unstable -

pkgs.rustls-libssl

Partial reimplementation of the OpenSSL 3 libssl ABI using rustls

  • nixos-unstable -

pkgs.rusty-psn-gui

Simple tool to grab updates for PS3 games, directly from Sony's servers using their updates API

  • nixos-unstable -

pkgs.starlark-rust

Rust implementation of the Starlark language

  • nixos-unstable -

pkgs.svd2rust-form

Library for splitting apart a large file with multiple modules into the idiomatic rust directory structure

  • nixos-unstable -

pkgs.aw-server-rust

High-performance implementation of the ActivityWatch server, written in Rust

  • nixos-unstable -

pkgs.doh-proxy-rust

Fast, mature, secure DoH server proxy written in Rust

  • nixos-unstable -

pkgs.faust2jackrust

The faust2jackrust script, part of faust functional programming language for realtime audio signal processing

  • nixos-unstable -

pkgs.rusty-diceware

Commandline diceware, with or without dice, written in Rustlang

  • nixos-unstable -

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable -

pkgs.rust-audit-info

Command-line tool to extract the dependency trees embedded in binaries by cargo-auditable

  • nixos-unstable -

pkgs.rust-streamdeck

ibusb based driver for Elgato StreamDeck devices

  • nixos-unstable -

pkgs.rustdesk-flutter

Virtual / remote desktop infrastructure for everyone! Open source TeamViewer / Citrix alternative

  • nixos-unstable -

pkgs.lomiri.trust-store

Common implementation of a trust store to be used by trusted helpers

  • nixos-unstable -

pkgs.piping-server-rust

Infinitely transfer between every device over pure HTTP with pipes or browsers

  • nixos-unstable -

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable -

pkgs.luaPackages.rustaceanvim

🦀 Supercharge your Rust experience in Neovim! A heavily modified fork of rust-tools.nvim

Package maintainers

Permalink CVE-2024-8676
created 4 months, 3 weeks ago
Cri-o: checkpoint restore can be triggered from different namespaces

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore.

Affected products

cri-o
  • <1.31.3
  • *
  • <1.30.8
  • <1.29.11
rhcos
  • *
conmon
container-tools:rhel8/conmon
container-tools:rhel8/podman

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

pkgs.conmon

OCI container runtime monitor

  • nixos-unstable -

pkgs.conmon-rs

OCI container runtime monitor written in Rust

  • nixos-unstable -

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-9676
created 4 months, 3 weeks ago
Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Affected products

cri-o
  • *
conmon
podman
  • *
skopeo
buildah
  • *
containers/storage
  • <1.55.1
container-tools:rhel8
  • *
quay/quay-builder-rhel8
ocp-tools-4/jenkins-rhel8
container-tools:rhel8/conmon
container-tools:rhel8/podman
container-tools:rhel8/skopeo
container-tools:rhel8/buildah
openshift4/ose-docker-builder
  • *
jenkins-agent-base-rhel9-container
openshift4/ose-docker-builder-rhel9
  • *
ocp-tools-4/jenkins-agent-base-rhel8

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

pkgs.conmon

OCI container runtime monitor

  • nixos-unstable -

pkgs.podman

Program for managing pods, containers and container images

  • nixos-unstable -

pkgs.skopeo

Command line utility for various operations on container images and image repositories

  • nixos-unstable -

pkgs.buildah

Tool which facilitates building OCI images

  • nixos-unstable -

pkgs.conmon-rs

OCI container runtime monitor written in Rust

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

pkgs.podman-compose

Implementation of docker-compose with podman backend

  • nixos-unstable -

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

  • nixos-unstable -

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-9675
created 4 months, 3 weeks ago
Buildah: buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Affected products

cri-o
conmon
podman
  • *
skopeo
buildah
  • *
  • <1.38.0
buildah-container
container-tools:rhel8
  • *
quay/quay-builder-rhel8
ocp-tools-4/jenkins-rhel8
container-tools:rhel8/conmon
container-tools:rhel8/podman
container-tools:rhel8/skopeo
container-tools:rhel8/buildah
openshift4/ose-docker-builder
  • *
openshift4/ose-docker-builder-rhel9
  • *
ocp-tools-4/jenkins-agent-base-rhel8
openshift-enterprise-builder-container
  • *

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

pkgs.conmon

OCI container runtime monitor

  • nixos-unstable -

pkgs.podman

Program for managing pods, containers and container images

  • nixos-unstable -

pkgs.skopeo

Command line utility for various operations on container images and image repositories

  • nixos-unstable -

pkgs.buildah

Tool which facilitates building OCI images

  • nixos-unstable -

pkgs.conmon-rs

OCI container runtime monitor written in Rust

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

pkgs.podman-compose

Implementation of docker-compose with podman backend

  • nixos-unstable -

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

  • nixos-unstable -

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-3727
created 4 months, 3 weeks ago
Containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Affected products

cri-o
  • *
image
  • <5.29.3
  • <5.30.1
rhcos
  • *
conmon
podman
  • *
skopeo
  • *
buildah
  • *
atomic-openshift
osbuild-composer
containers-common
openshift-clients
openshift4/ose-cli
devspaces/udi-rhel8
openshift4/ose-tests
  • *
container-tools:rhel8
  • *
openshift4/ose-console
  • *
openshift4/ose-deployer
quay/quay-builder-rhel8
openshift4/ose-cli-rhel9
openshift4/ose-installer
openshift4/ose-sdn-rhel9
  • *
ocp-tools-4/jenkins-rhel8
source-to-image-container
container-tools:4.0/conmon
container-tools:4.0/podman
container-tools:4.0/skopeo
openshift4/ose-tools-rhel8
  • *
container-tools:4.0/buildah
container-tools:rhel8/conmon
container-tools:rhel8/podman
container-tools:rhel8/skopeo
openshift-serverless-clients
openshift4/ose-cli-artifacts
container-tools:rhel8/buildah
oadp/oadp-velero-plugin-rhel8
oadp/oadp-velero-plugin-rhel9
  • *
openshift4/ose-deployer-rhel9
openshift4/ose-docker-builder
  • *
multicluster-engine/hive-rhel8
multicluster-engine/hive-rhel9
openshift4/network-tools-rhel8
  • *
openshift4/ose-hypershift-rhel9
  • *
openshift4/ose-olm-rukpak-rhel8
openshift4/ose-operator-registry
rhacm2/submariner-rhel8-operator
rhacm2/submariner-rhel9-operator
openshift4/oc-mirror-plugin-rhel8
openshift4/oc-mirror-plugin-rhel9
  • *
openshift4/ose-installer-artifacts
osp-director-provisioner-container
virt-cdi-apiserver-rhel9-container
openshift4/assisted-installer-rhel8
openshift4/ose-ovn-kubernetes-rhel9
  • *
ocp-tools-4/jenkins-agent-base-rhel8
container-tools:4.0/containers-common
source-to-image/source-to-image-rhel8
openshift-serverless-1/client-kn-rhel8
openshift4/ose-insights-rhel9-operator
  • *
openshift4/ose-machine-config-operator
openshift4/ose-operator-registry-rhel9
  • *
container-tools:rhel8/containers-common
multicluster-engine/agent-service-rhel8
openshift4/ose-installer-altinfra-rhel8
openshift4/ose-installer-altinfra-rhel9
openshift4/ose-baremetal-installer-rhel7
openshift4/ose-baremetal-installer-rhel8
openshift4/ose-baremetal-installer-rhel9
openshift4/ose-installer-artifacts-rhel9
openshift4/ose-openshift-apiserver-rhel7
openshift4/ose-openshift-apiserver-rhel8
openshift4/ose-openshift-apiserver-rhel9
  • *
openshift4/assisted-installer-agent-rhel8
openshift4/ose-machine-api-rhel9-operator
  • *
openshift4/ose-operator-lifecycle-manager
  • *
advanced-cluster-security/rhacs-main-rhel8
  • *
ose-openshift-controller-manager-container
rhai-tech-preview/assisted-installer-rhel8
rhmtc/openshift-migration-controller-rhel8
  • *
ose-installer-terraform-providers-container
advanced-cluster-security/rhacs-roxctl-rhel8
  • *
multicluster-engine/assisted-installer-rhel8
openshift4/assisted-installer-reporter-rhel8
openshift4/ose-apiserver-network-proxy-rhel9
  • *
openshift4/ose-machine-config-rhel9-operator
  • *
openshift4/ose-olm-operator-controller-rhel8
openshift4/ose-olm-operator-controller-rhel9
  • *
advanced-cluster-security/rhacs-scanner-rhel8
  • *
openshift4/ose-cluster-ingress-rhel9-operator
  • *
openshift4/ose-cluster-network-rhel9-operator
  • *
rhacm2-tech-preview/submariner-rhel8-operator
advanced-cluster-security/rhacs-rhel8-operator
  • *
openshift4/ose-openshift-proxy-pull-test-rhel8
openshift4/ose-ovn-kubernetes-microshift-rhel9
  • *
advanced-cluster-security/rhacs-collector-rhel8
  • *
advanced-cluster-security/rhacs-operator-bundle
  • *
container-native-virtualization/virt-cdi-cloner
openshift4/ose-agent-installer-api-server-rhel8
  • *
openshift4/ose-agent-installer-api-server-rhel9
  • *
openshift4/ose-agent-installer-node-agent-rhel8
openshift4/ose-agent-installer-node-agent-rhel9
  • *
openshift4/ose-operator-lifecycle-manager-rhel9
  • *
advanced-cluster-security/rhacs-central-db-rhel8
  • *
advanced-cluster-security/rhacs-scanner-db-rhel8
  • *
advanced-cluster-security/rhacs-scanner-v4-rhel8
  • *
openshift4/ose-alibaba-machine-controllers-rhel9
  • *
openshift4/ose-cluster-autoscaler-rhel9-operator
  • *
openshift4/ose-multus-admission-controller-rhel9
  • *
openshift4/ose-multus-whereabouts-ipam-cni-rhel8
  • *
openshift4/ose-nutanix-machine-controllers-rhel9
  • *
openshift4/ose-powervs-machine-controllers-rhel9
  • *
rhai-tech-preview/assisted-installer-agent-rhel8
container-native-virtualization/virt-cdi-importer
container-native-virtualization/virt-cdi-operator
openshift-sandboxed-containers/osc-rhel8-operator
openshift-sandboxed-containers/osc-rhel9-operator
openshift4/ose-agent-installer-csr-approver-rhel8
openshift4/ose-agent-installer-csr-approver-rhel9
openshift4/ose-agent-installer-orchestrator-rhel8
  • *
openshift4/ose-agent-installer-orchestrator-rhel9
  • *
openshift4/ose-cluster-node-tuning-rhel9-operator
  • *
openshift4/ose-openshift-controller-manager-rhel7
openshift4/ose-openshift-controller-manager-rhel8
openshift4/ose-openshift-controller-manager-rhel9
  • *
advanced-cluster-security/rhacs-scanner-slim-rhel8
  • *
container-native-virtualization/virt-cdi-apiserver
multicluster-engine/assisted-installer-agent-rhel8
multicluster-engine/assisted-installer-agent-rhel9
advanced-cluster-security/rhacs-scanner-v4-db-rhel8
  • *
container-native-virtualization/virt-cdi-controller
rhai-tech-preview/assisted-installer-reporter-rhel8
advanced-cluster-security/rhacs-collector-slim-rhel8
  • *
container-native-virtualization/virt-cdi-uploadproxy
openshift-sandboxed-containers/osc-must-gather-rhel8
openshift-sandboxed-containers/osc-must-gather-rhel9
advanced-cluster-security/rhacs-scanner-db-slim-rhel8
  • *
container-native-virtualization/virt-cdi-cloner-rhel9
container-native-virtualization/virt-cdi-uploadserver
multicluster-engine/assisted-installer-reporter-rhel8
openshift4/ose-powervs-cloud-controller-manager-rhel9
  • *
multicluster-engine-assisted-installer-agent-container
container-native-virtualization/virt-cdi-importer-rhel9
container-native-virtualization/virt-cdi-operator-rhel9
container-native-virtualization/virt-cdi-apiserver-rhel9
container-native-virtualization/virt-cdi-controller-rhel9
  • *
container-native-virtualization/virt-cdi-uploadproxy-rhel9
container-native-virtualization/virt-cdi-uploadserver-rhel9
openshift-sandboxed-containers-tech-preview/osc-rhel8-operator
openshift4/ose-cluster-control-plane-machine-set-rhel9-operator
  • *
openshift-sandboxed-containers-tech-preview/osc-must-gather-rhel8

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

pkgs.conmon

OCI container runtime monitor

  • nixos-unstable -

pkgs.podman

Program for managing pods, containers and container images

  • nixos-unstable -

pkgs.skopeo

Command line utility for various operations on container images and image repositories

  • nixos-unstable -

pkgs.buildah

Tool which facilitates building OCI images

  • nixos-unstable -

pkgs.conmon-rs

OCI container runtime monitor written in Rust

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

pkgs.podman-compose

Implementation of docker-compose with podman backend

  • nixos-unstable -

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

  • nixos-unstable -

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

  • nixos-unstable -

Package maintainers