Copied from
ubuntu mantic in
Private PPA for Ubuntu Security Team
by Nishit Majithia
Changelog
runc (1.1.7-0ubuntu2.2) mantic-security; urgency=medium
* SECURITY UPDATE: container escape vulnerability
- d/p/0001-Fix-File-to-Close.patch: Fix File to Close
- d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
init: verify after chdir that cwd is inside the container
- d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
setns init: do explicit lookup of execve argument early
- d/p/0004-init-close-internal-fds-before-execve.patch: init: close
internal fds before execve
- d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
plug leaks of /sys/fs/cgroup handle
- d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
ibcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
- CVE-2024-21626
-- Nishit Majithia <email address hidden> Wed, 24 Jan 2024 16:41:08 +0530