Overview

File _patchinfo of Package patchinfo.40465

<patchinfo incident="40465">
  <issue id="2025-31133" tracker="cve" />
  <issue id="2025-52565" tracker="cve" />
  <issue id="2025-52881" tracker="cve" />
  <issue id="1252232" tracker="bnc">VUL-0: EMBARGOED: CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files</issue>
  <packager>cyphar</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for runc</summary>
  <description>This update for runc fixes the following issues:

- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).

Update to runc v1.2.7. 

- Upstream changelog is available from &lt;https://github.com/opencontainers/runc/releases/tag/v1.2.7&gt;
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places