Publishing details

Published on 2024-01-31
Copied from ubuntu mantic in Private PPA for Ubuntu Security Team by Nishit Majithia

Changelog

runc (1.1.7-0ubuntu2.2) mantic-security; urgency=medium

  * SECURITY UPDATE: container escape vulnerability
    - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
    - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
      init: verify after chdir that cwd is inside the container
    - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
      setns init: do explicit lookup of execve argument early
    - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
      internal fds before execve
    - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
      plug leaks of /sys/fs/cgroup handle
    - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
      ibcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    - CVE-2024-21626

 -- Nishit Majithia <email address hidden>  Wed, 24 Jan 2024 16:41:08 +0530

Available diffs

Builds

Built packages

golang-github-opencontainers-runc-dev Open Container Project - development files

runc Open Container Project - runtime

runc-dbgsym debug symbols for runc

Package files

golang-github-opencontainers-runc-dev_1.1.7-0ubuntu2.2_all.deb (1.1 MiB)
runc-dbgsym_1.1.7-0ubuntu2.2_amd64.ddeb (6.7 MiB)
runc-dbgsym_1.1.7-0ubuntu2.2_arm64.ddeb (6.3 MiB)
runc-dbgsym_1.1.7-0ubuntu2.2_armhf.ddeb (6.0 MiB)
runc-dbgsym_1.1.7-0ubuntu2.2_ppc64el.ddeb (6.4 MiB)
runc-dbgsym_1.1.7-0ubuntu2.2_riscv64.ddeb (6.4 MiB)
runc-dbgsym_1.1.7-0ubuntu2.2_s390x.ddeb (6.4 MiB)
runc_1.1.7-0ubuntu2.2.debian.tar.xz (17.8 KiB)
runc_1.1.7-0ubuntu2.2.dsc (2.2 KiB)
runc_1.1.7-0ubuntu2.2_amd64.deb (4.4 MiB)
runc_1.1.7-0ubuntu2.2_arm64.deb (4.0 MiB)
runc_1.1.7-0ubuntu2.2_armhf.deb (3.9 MiB)
runc_1.1.7-0ubuntu2.2_ppc64el.deb (4.0 MiB)
runc_1.1.7-0ubuntu2.2_riscv64.deb (4.2 MiB)
runc_1.1.7-0ubuntu2.2_s390x.deb (4.4 MiB)
runc_1.1.7.orig.tar.xz (1.4 MiB)