Описание
Security update for runc
This update for runc fixes the following issues:
Update to runc v1.1.5:
Security fixes:
- CVE-2023-25809: Fixed rootless
/sys/fs/cgroupis writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).
Other fixes:
- Fix the inability to use
/dev/nullwhen inside a container. - Fix changing the ownership of host's
/dev/nullcaused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels.
- nsexec: Check for errors in
write_log(). - Drop version-specific Go requirement.
Список пакетов
Container rancher/elemental-teal-iso/5.4:latest
runc-1.1.5-150000.41.1
Container rancher/elemental-teal-rt/5.4:latest
runc-1.1.5-150000.41.1
Container rancher/elemental-teal/5.4:latest
runc-1.1.5-150000.41.1
Container suse/sle-micro/5.5:latest
runc-1.1.5-150000.41.1
Image SLES15-SP2-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP2-HPC-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP2-SAP-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP2-SAP-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP2-SAP-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP2-SAP-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP2-SAP-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-BYOS-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP3-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
runc-1.1.5-150000.41.1
Image SLES15-SP3-CHOST-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-CHOST-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP3-CHOST-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
runc-1.1.5-150000.41.1
Image SLES15-SP3-HPC-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP3-HPC-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-SAP-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP3-SAP-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP3-SAPCAL-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP3-SAPCAL-EC2-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP3-SAPCAL-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4
runc-1.1.5-150000.41.1
Image SLES15-SP4-Azure-Basic
runc-1.1.5-150000.41.1
Image SLES15-SP4-Azure-Standard
runc-1.1.5-150000.41.1
Image SLES15-SP4-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-CHOST-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
runc-1.1.5-150000.41.1
Image SLES15-SP4-CHOST-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-CHOST-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-CHOST-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
runc-1.1.5-150000.41.1
Image SLES15-SP4-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-EC2-ECS-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP4-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-HPC
runc-1.1.5-150000.41.1
Image SLES15-SP4-HPC-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-HPC-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-HPC-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-HPC-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-HPC-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-HPC-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-HPC-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-Hardened-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-Hardened-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-Hardened-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-Hardened-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
runc-1.1.5-150000.41.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-3
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-3-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-3-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-3-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-3-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-4
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-4-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-4-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-4-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-4-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-4-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-Micro-5-4-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Hardened
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Hardened-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Hardened-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Hardened-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAP-Hardened-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAPCAL
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAPCAL-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAPCAL-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP4-SAPCAL-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-Azure-3P
runc-1.1.5-150000.41.1
Image SLES15-SP5-Azure-Basic
runc-1.1.5-150000.41.1
Image SLES15-SP5-Azure-Standard
runc-1.1.5-150000.41.1
Image SLES15-SP5-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-CHOST-BYOS-Aliyun
runc-1.1.5-150000.41.1
Image SLES15-SP5-CHOST-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-CHOST-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-CHOST-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-CHOST-BYOS-GDC
runc-1.1.5-150000.41.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
runc-1.1.5-150000.41.1
Image SLES15-SP5-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-EC2-ECS-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP5-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-HPC-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-HPC-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-HPC-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-HPC-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-HPC-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-HPC-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-Hardened-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-Hardened-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-Hardened-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
runc-1.1.5-150000.41.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
runc-1.1.5-150000.41.1
Image SLES15-SP5-Micro-5-5
runc-1.1.5-150000.41.1
Image SLES15-SP5-Micro-5-5-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-Micro-5-5-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP5-Micro-5-5-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-Micro-5-5-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-Micro-5-5-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-Micro-5-5-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-Micro-5-5-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-Azure-3P
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-Hardened-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-Hardened-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAP-Hardened-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAPCAL-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAPCAL-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP5-SAPCAL-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6
runc-1.1.5-150000.41.1
Image SLES15-SP6-Azure-Basic
runc-1.1.5-150000.41.1
Image SLES15-SP6-Azure-Standard
runc-1.1.5-150000.41.1
Image SLES15-SP6-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP6-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-CHOST-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP6-CHOST-BYOS-Aliyun
runc-1.1.5-150000.41.1
Image SLES15-SP6-CHOST-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-CHOST-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-CHOST-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-CHOST-BYOS-GDC
runc-1.1.5-150000.41.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
runc-1.1.5-150000.41.1
Image SLES15-SP6-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-EC2-ECS-HVM
runc-1.1.5-150000.41.1
Image SLES15-SP6-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-HPC
runc-1.1.5-150000.41.1
Image SLES15-SP6-HPC-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-HPC-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP6-HPC-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-HPC-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-HPC-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-HPC-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-HPC-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-Hardened-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP6-Hardened-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-Hardened-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-Hardened-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Hardened
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Hardened-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Hardened-BYOS
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Hardened-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAP-Hardened-GCE
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAPCAL
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAPCAL-Azure
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAPCAL-EC2
runc-1.1.5-150000.41.1
Image SLES15-SP6-SAPCAL-GCE
runc-1.1.5-150000.41.1
SUSE Enterprise Storage 7
runc-1.1.5-150000.41.1
SUSE Enterprise Storage 7.1
runc-1.1.5-150000.41.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
runc-1.1.5-150000.41.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
runc-1.1.5-150000.41.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
runc-1.1.5-150000.41.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Micro 5.1
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Micro 5.2
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Micro 5.3
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Micro 5.4
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Module for Containers 15 SP4
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Server 15 SP1-LTSS
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Server 15 SP2-LTSS
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Server 15 SP3-LTSS
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
runc-1.1.5-150000.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
runc-1.1.5-150000.41.1
openSUSE Leap 15.4
runc-1.1.5-150000.41.1
openSUSE Leap Micro 5.3
runc-1.1.5-150000.41.1
Ссылки
- Link for SUSE-SU-2023:2003-1
- E-Mail link for SUSE-SU-2023:2003-1
- SUSE Security Ratings
- SUSE Bug 1168481
- SUSE Bug 1208962
- SUSE Bug 1209884
- SUSE Bug 1209888
- SUSE CVE CVE-2023-25809 page
- SUSE CVE CVE-2023-27561 page
- SUSE CVE CVE-2023-28642 page
Описание
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`.
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:runc-1.1.5-150000.41.1
Container rancher/elemental-teal-rt/5.4:latest:runc-1.1.5-150000.41.1
Container rancher/elemental-teal/5.4:latest:runc-1.1.5-150000.41.1
Container suse/sle-micro/5.5:latest:runc-1.1.5-150000.41.1
Ссылки
- CVE-2023-25809
- SUSE Bug 1209884
Описание
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:runc-1.1.5-150000.41.1
Container rancher/elemental-teal-rt/5.4:latest:runc-1.1.5-150000.41.1
Container rancher/elemental-teal/5.4:latest:runc-1.1.5-150000.41.1
Container suse/sle-micro/5.5:latest:runc-1.1.5-150000.41.1
Ссылки
- CVE-2023-27561
- SUSE Bug 1208962
Описание
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:runc-1.1.5-150000.41.1
Container rancher/elemental-teal-rt/5.4:latest:runc-1.1.5-150000.41.1
Container rancher/elemental-teal/5.4:latest:runc-1.1.5-150000.41.1
Container suse/sle-micro/5.5:latest:runc-1.1.5-150000.41.1
Ссылки
- CVE-2023-28642
- SUSE Bug 1209888