Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-17931

Опубликовано: 09 фев. 2024
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2024-17931: runc security update (IMPORTANT)

[1.1.12-1]

  • Update runc to 1.1.12 [JIRA: OLDIS-30530]

[1.1.10-1]

  • Update runc to 1.1.10 [JIRA: OLDIS-30530]

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

runc

1.1.12-1.el7

Oracle Linux x86_64

runc

1.1.12-1.el7

Связанные CVE

CVE-2024-21626

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2024-21626

CVSS3: 8.6
ubuntu
больше 1 года назад

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

redhat логотип

CVE-2024-21626

CVSS3: 8.6
redhat
больше 1 года назад

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

nvd логотип

CVE-2024-21626

CVSS3: 8.6
nvd
больше 1 года назад

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

msrc логотип

CVE-2024-21626

msrc
больше 1 года назад

GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds

debian логотип

CVE-2024-21626

CVSS3: 8.6
debian
больше 1 года назад

runc is a CLI tool for spawning and running containers on Linux accord ...