[Buildroot] [PATCH v1 1/1] package/runc: security bump to version v1.1.5

Peter Korsgaard peter at korsgaard.com
Mon Apr 3 08:53:17 UTC 2023


>>>>> "Christian" == Christian Stewart <christian at paral.in> writes:

 > This is the fifth patch release in the 1.1.z series of runc, which fixes
 > three CVEs found in runc.

 > CVE-2023-25809 is a vulnerability involving rootless containers where
 > (under specific configurations), the container would have write access to the
 > /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host
 > were affected. This vulnerability was discovered by Akihiro Suda.
 > GHSA-m8cg-xc2p-r3fc

 > CVE-2023-27561 was a regression which effectively re-introduced CVE-2019-19921.
 > This bug was present from v1.0.0-rc95 to v1.1.4. This regression was discovered
 > by Beuc. GHSA-vpvm-3wq2-2wvm

 > CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the same patch.
 > This variant of the above vulnerability was reported by Lei Wang.
 > GHSA-g2j6-57v7-gm8c

 > In addition, the following other fixes are included in this release:

 >  - Fix the inability to use /dev/null when inside a container
 >  - Fix changing the ownership of host's /dev/null caused by fd redirection
 >  - Fix rare runc exec/enter unshare error on older kernels, including CentOS < 7.7
 >  - nsexec: Check for errors in write_log()

 > https://github.com/opencontainers/runc/releases/tag/v1.1.5

 > Signed-off-by: Christian Stewart <christian at paral.in>

Committed, thanks.

-- 
Bye, Peter Korsgaard


