Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-28642

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

Related bugs and status

CVE-2023-28642 (Candidate) is related to these bugs:

Bug #1971320: Merge runc from Debian unstable for kinetic

Summary				In	Importance	Status
	1971320	Merge runc from Debian unstable for kinetic		runc (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/ope...
MISC: https://github.com/ope...