Описание
Security update for runc
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
Список пакетов
Container rancher/elemental-teal-rt/5.4:latest
runc-1.1.12-150000.61.2
Container rancher/elemental-teal/5.4:latest
runc-1.1.12-150000.61.2
Container suse/sle-micro/5.5:latest
runc-1.1.12-150000.61.2
Image SLES15-SP3-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP3-BYOS-EC2-HVM
runc-1.1.12-150000.61.2
Image SLES15-SP3-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP3-CHOST-BYOS-Aliyun
runc-1.1.12-150000.61.2
Image SLES15-SP3-CHOST-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP3-CHOST-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP3-CHOST-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
runc-1.1.12-150000.61.2
Image SLES15-SP3-HPC-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP3-HPC-BYOS-EC2-HVM
runc-1.1.12-150000.61.2
Image SLES15-SP3-HPC-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP3-Micro-5-1-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
runc-1.1.12-150000.61.2
Image SLES15-SP3-Micro-5-1-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP3-Micro-5-2-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
runc-1.1.12-150000.61.2
Image SLES15-SP3-Micro-5-2-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP3-SAP-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP3-SAP-BYOS-EC2-HVM
runc-1.1.12-150000.61.2
Image SLES15-SP3-SAP-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP3-SAPCAL-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP3-SAPCAL-EC2-HVM
runc-1.1.12-150000.61.2
Image SLES15-SP3-SAPCAL-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-CHOST-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-CHOST-BYOS-Aliyun
runc-1.1.12-150000.61.2
Image SLES15-SP4-CHOST-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-CHOST-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-CHOST-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
runc-1.1.12-150000.61.2
Image SLES15-SP4-HPC-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-HPC-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-HPC-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-HPC-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-HPC-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-HPC-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-Hardened-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-Hardened-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-Hardened-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-Hardened-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
runc-1.1.12-150000.61.2
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-3
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-3-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-3-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-3-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-3-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-3-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-4
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-4-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-4-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-4-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-4-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-4-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-Micro-5-4-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-Hardened
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-Hardened-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-Hardened-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAP-Hardened-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAPCAL
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAPCAL-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAPCAL-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP4-SAPCAL-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-Azure-3P
runc-1.1.12-150000.61.2
Image SLES15-SP5-Azure-Basic
runc-1.1.12-150000.61.2
Image SLES15-SP5-Azure-Standard
runc-1.1.12-150000.61.2
Image SLES15-SP5-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-CHOST-BYOS-Aliyun
runc-1.1.12-150000.61.2
Image SLES15-SP5-CHOST-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-CHOST-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-CHOST-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-CHOST-BYOS-GDC
runc-1.1.12-150000.61.2
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
runc-1.1.12-150000.61.2
Image SLES15-SP5-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-HPC-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-HPC-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-HPC-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-HPC-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-Hardened-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-Hardened-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-Hardened-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
runc-1.1.12-150000.61.2
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
runc-1.1.12-150000.61.2
Image SLES15-SP5-Micro-5-5
runc-1.1.12-150000.61.2
Image SLES15-SP5-Micro-5-5-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-Micro-5-5-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP5-Micro-5-5-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-Micro-5-5-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-Micro-5-5-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-Micro-5-5-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-Micro-5-5-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-Azure-3P
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-Hardened-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAP-Hardened-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAPCAL-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAPCAL-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP5-SAPCAL-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6
runc-1.1.12-150000.61.2
Image SLES15-SP6-Azure-Basic
runc-1.1.12-150000.61.2
Image SLES15-SP6-Azure-Standard
runc-1.1.12-150000.61.2
Image SLES15-SP6-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP6-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-CHOST-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP6-CHOST-BYOS-Aliyun
runc-1.1.12-150000.61.2
Image SLES15-SP6-CHOST-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-CHOST-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-CHOST-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-CHOST-BYOS-GDC
runc-1.1.12-150000.61.2
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
runc-1.1.12-150000.61.2
Image SLES15-SP6-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-EC2-ECS-HVM
runc-1.1.12-150000.61.2
Image SLES15-SP6-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-HPC
runc-1.1.12-150000.61.2
Image SLES15-SP6-HPC-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-HPC-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP6-HPC-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-HPC-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-HPC-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-HPC-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-HPC-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-Hardened-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP6-Hardened-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-Hardened-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-Hardened-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Hardened
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Hardened-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Hardened-BYOS
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Hardened-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAP-Hardened-GCE
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAPCAL
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAPCAL-Azure
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAPCAL-EC2
runc-1.1.12-150000.61.2
Image SLES15-SP6-SAPCAL-GCE
runc-1.1.12-150000.61.2
SUSE Enterprise Storage 7.1
runc-1.1.12-150000.61.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
runc-1.1.12-150000.61.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
runc-1.1.12-150000.61.2
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
runc-1.1.12-150000.61.2
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Micro 5.1
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Micro 5.2
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Micro 5.3
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Micro 5.4
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Micro 5.5
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Module for Containers 15 SP4
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Module for Containers 15 SP5
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Server 15 SP2-LTSS
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Server 15 SP3-LTSS
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Server 15 SP4-LTSS
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
runc-1.1.12-150000.61.2
SUSE Linux Enterprise Server for SAP Applications 15 SP4
runc-1.1.12-150000.61.2
openSUSE Leap 15.5
runc-1.1.12-150000.61.2
openSUSE Leap Micro 5.3
runc-1.1.12-150000.61.2
openSUSE Leap Micro 5.4
runc-1.1.12-150000.61.2
Ссылки
- Link for SUSE-SU-2024:0459-1
- E-Mail link for SUSE-SU-2024:0459-1
- SUSE Security Ratings
- SUSE Bug 1218894
- SUSE CVE CVE-2024-21626 page
Описание
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
Затронутые продукты
Container rancher/elemental-teal-rt/5.4:latest:runc-1.1.12-150000.61.2
Container rancher/elemental-teal/5.4:latest:runc-1.1.12-150000.61.2
Container suse/sle-micro/5.5:latest:runc-1.1.12-150000.61.2
Image SLES15-SP3-BYOS-Azure:runc-1.1.12-150000.61.2
Ссылки
- CVE-2024-21626
- SUSE Bug 1218894