[Buildroot] [PATCH 1/1] package/runc: security bump to v1.1.2
Christian Stewart
christian at paral.in
Wed Jun 1 18:10:47 UTC 2022
Fixes CVE-2022-29162
Minor security issue (which appears to not be exploitable) related to process
capabilities.
A bug was found in runc where runc exec --cap executed processes with ble Linux
process capabilities, creating an atypical Linux environment. For more
information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
runc spec no longer sets any inheritable capabilities in the created example OCI
spec (config.json) file.
https://github.com/opencontainers/runc/releases/tag/v1.1.2
Signed-off-by: Christian Stewart <christian at paral.in>
---
package/runc/runc.hash | 2 +-
package/runc/runc.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/runc/runc.hash b/package/runc/runc.hash
index fe3c4cc488..f8133d13c1 100644
--- a/package/runc/runc.hash
+++ b/package/runc/runc.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 11a34535c108b36fd59de58e7bef3a130444c9ea41e4b8bb8f8d4654c8ad654c runc-1.1.1.tar.gz
+sha256 0ccce82b1d9c058d8fd7443d261c96fd7a803f2775bcb1fec2bdb725bc7640f6 runc-1.1.2.tar.gz
sha256 552a739c3b25792263f731542238b92f6f8d07e9a488eae27e6c4690038a8243 LICENSE
diff --git a/package/runc/runc.mk b/package/runc/runc.mk
index 2618b71f63..5faa8b683d 100644
--- a/package/runc/runc.mk
+++ b/package/runc/runc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-RUNC_VERSION = 1.1.1
+RUNC_VERSION = 1.1.2
RUNC_SITE = $(call github,opencontainers,runc,v$(RUNC_VERSION))
RUNC_LICENSE = Apache-2.0, LGPL-2.1 (libseccomp)
RUNC_LICENSE_FILES = LICENSE
--
2.35.1
More information about the buildroot
mailing list