File _patchinfo of Package patchinfo.28472

<patchinfo incident="28472">
  <issue tracker="cve" id="2023-28642"/>
  <issue tracker="cve" id="2023-25809"/>
  <issue tracker="cve" id="2023-27561"/>
  <issue tracker="bnc" id="1168481">/dev/null not accessible in containers</issue>
  <issue tracker="bnc" id="1208962">VUL-0: CVE-2023-27561: runc,docker-runc: Fix for CVE-2019-19921 broken by fix for CVE-2021-30465</issue>
  <issue tracker="bnc" id="1209884">VUL-0: CVE-2023-25809: runc: rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared</issue>
  <issue tracker="bnc" id="1209888">VUL-0: CVE-2023-28642: runc: AppArmor/SELinux bypass with symlinked /proc</issue>
  <packager>cyphar</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for runc</summary>
  <description>This update for runc fixes the following issues:

Update to runc v1.1.5:

Security fixes:

- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` being writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed a regression that reintroduced the CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).

Other fixes:

 - Fix the inability to use `/dev/null` when inside a container.
 - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
 - Fix rare runc exec/enter unshare error on older kernels.
 - nsexec: Check for errors in `write_log()`.
 - Drop version-specific Go requirement.
</description>
</patchinfo>