Security update for podman

This update for podman fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252376 CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252376 CVE-2025-52881: Fixed...

SUSE-SU-2025:4079-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252376 - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252376 - CVE-2025-52881: Fixed...

Security update for runc

This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 Includes an important fix for the CPUSet translation for...

SUSE-SU-2025:4077-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation for...

Security update for buildah

This update for buildah fixes the following issues: CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

SUSE-SU-2025:4076-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096...

Security update for buildah

This update for buildah fixes the following issues: CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Other fixes: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless bsc1252543 Patch Instructions: To...

SUSE-SU-2025:4075-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Other fixes: - podman and buildah with runc 1.3.2 fail with lots of warnings as rootless bsc1252543...

Security update for buildah

This update for buildah fixes the following issues: CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Other fixes: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless bsc1252543 Patch Instructions: To...

SUSE-SU-2025:4074-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1253096 Other fixes: - podman and buildah with runc 1.3.2 fail with lots of warnings as rootless bsc1252543...

Security update for runc

This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 Includes an important fix for the CPUSet translation for...

SUSE-SU-2025:4073-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc1252110 - Includes an important fix for the CPUSet translation for...

RHSA-2025:20957 Red Hat Security Advisory: runc security update

Bulletin has no description...

CVE-2025-52881 affecting package moby-runc for versions less than 1.2.8-1

CVE-2025-52881 affecting package moby-runc for versions less than 1.2.8-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-31133 affecting package moby-runc for versions less than 1.2.8-1

CVE-2025-31133 affecting package moby-runc for versions less than 1.2.8-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-52565 affecting package moby-runc for versions less than 1.2.8-1

CVE-2025-52565 affecting package moby-runc for versions less than 1.2.8-1. An upgraded version of the package is available that resolves this issue...

Critical Photon OS Security Update - PHSA-2025-5.0-0676

Updates of 'redis', 'openjdk21', 'runc', 'Linux-PAM', 'openjdk11' packages of Photon OS have been released...

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...