Important: runc security update

2024-07-2300:00:00

errata.almalinux.org

runc tool

lightweight

open container format

security fix

golang-fips

openssl

memory leaks

rsa

cve-2024-1394

cvss score

acknowledgments

references section

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

30.8%

JSON

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.

Security Fix(es):

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux9aarch64runc< 1.1.12-3.el9_4runc-1.1.12-3.el9_4.aarch64.rpm
almalinux9x86_64runc< 1.1.12-3.el9_4runc-1.1.12-3.el9_4.x86_64.rpm
almalinux9ppc64lerunc< 1.1.12-3.el9_4runc-1.1.12-3.el9_4.ppc64le.rpm
almalinux9s390xrunc< 1.1.12-3.el9_4runc-1.1.12-3.el9_4.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	9	aarch64	runc	< 1.1.12-3.el9_4	runc-1.1.12-3.el9_4.aarch64.rpm
almalinux	9	x86_64	runc	< 1.1.12-3.el9_4	runc-1.1.12-3.el9_4.x86_64.rpm
almalinux	9	ppc64le	runc	< 1.1.12-3.el9_4	runc-1.1.12-3.el9_4.ppc64le.rpm
almalinux	9	s390x	runc	< 1.1.12-3.el9_4	runc-1.1.12-3.el9_4.s390x.rpm