There are 2 open security issues in bookworm.
2 issues left for the package maintainer to handle:
- CVE-2023-7258:
(needs triaging)
A denial of service exists in the gVisor sandbox, where a bug in the reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past commit 6a112c60a257dadac59962e0bc9e9b5aee70b5b6.
- CVE-2025-2713:
(needs triaging)
Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
You can find information about how to handle these issues in the security team's documentation.