GO-2023-1682 Rootless: /sys/fs/cgroup is writable when cgroupns isn't unshared in github.com/opencontainers/runc

Rootless: /sys/fs/cgroup is writable when cgroupns isn't unshared in github.com/opencontainers/runc...

SUSE-SU-2023:2003-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless /sys/fs/cgroup is writable when cgroupns isn't unshared bnc1209884. - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability bnc1208962. -...

Updated opencontainers-runc packages fix security vulnerability

/sys/fs/cgroup is writable when cgroupns isn't unshared CVE-2023-25809 Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges CVE-2023-27561 AppArmor/SELinux bypass with symlinked /proc CVE-2023-28642...

SUSE-SU-2023:1726-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless /sys/fs/cgroup is writable when cgroupns isn't unshared bnc1209884. - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability bnc1208962. -...

CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...