[ubuntu/focal-security] runc 1.1.4-0ubuntu1~20.04.3 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Wed May 17 12:29:01 UTC 2023


runc (1.1.4-0ubuntu1~20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
    - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
      /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
      in libcontainer/rootfs_linux.go.
    - CVE-2023-25809
  * SECURITY UPDATE: Incorrect access control through /proc and /sys
    - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
      /sys to be symlinks in libcontainer/rootfs_linux.go.
    - CVE-2023-27561
    - CVE-2023-28642

runc (1.1.4-0ubuntu1~20.04.2) focal; urgency=medium

  * d/p/lp2013318-fix-device-files-in-containers.patch: Fix inability to use
    device files such as /dev/null in containers (LP: #2013318)

runc (1.1.4-0ubuntu1~20.04.1) focal; urgency=medium

  * Backport version 1.1.4-0ubuntu1 from Lunar (LP: #1996909).
    - d/control: b-d on golang-1.18-go instead of golang-any.
    - d/rules: build with Golang 1.18.

runc (1.1.4-0ubuntu1) lunar; urgency=medium

  * New upstream release (LP: #1993442).
  * Refresh patches.

runc (1.1.2-0ubuntu1.1) kinetic; urgency=medium

  * d/p/fix_cpuset_range_byte_order.patch: fix byte order while parsing cpuset
    range to bits (LP: #1993221)

runc (1.1.2-0ubuntu1) kinetic; urgency=medium

  * New upstream release.

runc (1.1.0-0ubuntu1) jammy; urgency=medium

  * New upstream release.
  * Refresh patches:
    - d/p/test--skip_TestFactoryNewTmpfs.patch
    - d/p/test--skip-fs-related-cgroups-tests.patch
  * Remove patch not needed anymore:
    - d/p/test--skip-Hugetlb.patch

runc (1.0.3-0ubuntu1) jammy; urgency=medium

  * New upstream release (LP: #1946899).
  * d/rules: remove DH_GOLANG_INSTALL_EXTRA, the directories listed there do
    not exist anymore.

runc (1.0.1-0ubuntu2) impish; urgency=medium

  * d/p/test--skip-fs-related-cgroups-tests.patch: skip a new cgroups related
    test. It requires permission to write in /sys/fs/cgroup/memory during its
    execution.

runc (1.0.1-0ubuntu1) impish; urgency=medium

  * New upstream release.
  * d/watch: adjust regex to correctly match the tarball files on GitHub.
  * d/p/test--skip-fs-related-cgroups-tests.patch: update according to the
    upstream changes.
  * d/s/lintian-overrides: remove it, the override there is not needed.

runc (1.0.0~rc95-0ubuntu1) impish; urgency=medium

  * New upstream release.
    - Several regressions were found in 1.0.0-rc93 by upstream and fixed in
      this new release.
      + Ensure the scratch pipe is read during ExportBPF (LP: #1927219).
    - Drop patches applied by upstream:
      + d/patches/CVE-2021-30465/*.patch
      + d/patches/fix-patchpbf-test-on-32-bit.patch
  * d/rules: set VERSION variable when building runc (LP: #1929106).

Date: 2023-05-17 09:11:13.795224+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/runc/1.1.4-0ubuntu1~20.04.3