runc: volume mount race condition (regression of CVE-2019-19921)
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...
Rocky Linux 8 : container-tools:rhel8 (RLSA-2019:0975)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:0975 advisory. - runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root...
Moderate: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724); runc: Rootless runc makes /sys/fs/cgroup writable (CVE-2023-25809); runc: volume mount...
PT-2024-1467
Name of the Vulnerable Software and Affected Versions: runc versions 1.1.11 and earlier. Description: The issue is related to an internal file descriptor leak in runc, which allows an attacker to cause a newly-spawned container process to have a working directory in the host filesystem namespace. Th...
ALSA-2023:6380 Moderate: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724); runc: Rootless runc makes /sys/fs/cgroup writable (CVE-2023-25809); runc: volume mount...
RHEL 9 : runc (RHSA-2023:6380)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6380 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes:...
Rocky Linux 9 : runc (RLSA-2022:8090)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8090 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc...
Amazon Linux 2 : runc (ALASECS-2023-018)
The version of runc installed on the remote host is prior to 1.1.7-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-018 advisory. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signature...
ROS-20231031-01
A vulnerability in the Runc isolated container launch tool is related to improper saving of permissions. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. Vulnerability in the Runc isolated container too...
Important: runc
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: runc Issue Correction: Run dnf update runc --releaseve...
Ubuntu 16.04 ESM : runC vulnerabilities (USN-4867-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4867-1 advisory. It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory...
Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2023-032)
The version of runc installed on the remote host is prior to 1.1.7-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-032 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many...
Amazon Linux 2 : runc (ALASDOCKER-2023-033)
The version of runc installed on the remote host is prior to 1.1.7-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2023-033 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams...
Important: runc
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: runc Note: This advisory is applicable to Amazon Linux...
SUSE-SU-2023:3952-2 Security update for runc
This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release bsc1212475...
PT-2023-36273 · Runc · Runc
Name of the Vulnerable Software and Affected Versions: runc versions prior to 1.1.8 Description: The issue is related to the runc package, which has been updated to version 1.1.8. The update includes a rebuild of the package with the go 1.21 security release. Recommendations: For versions prior t...
Important: runc
Issue Overview: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are...
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: prometheus-alertmanager, src, wireguard-go, amass, minio, timoni, skaffold, flux-image-reflector-controller, falcoctl, zot, prometheus-pushgateway-fips, nats, pulumi-language-dotnet, gomplate, gitness, prometheus-node-exporter, rqlite, external-secrets-operator,...
container-tools:rhel8 bug fix and enhancement update
An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...