[ubuntu/jammy-updates] runc 1.1.7-0ubuntu1~22.04.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Feb 1 00:58:15 UTC 2024


runc (1.1.7-0ubuntu1~22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: container escape vulnerability                        
    - d/p/0001-Fix-File-to-Close.patch: Fix File to Close                  
    - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch: 
      init: verify after chdir that cwd is inside the container            
    - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch: 
      setns init: do explicit lookup of execve argument early              
    - d/p/0004-init-close-internal-fds-before-execve.patch: init: close    
      internal fds before execve                                           
    - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:     
      plug leaks of /sys/fs/cgroup handle                                  
    - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch: 
      ibcontainer: mark all non-stdio fds O_CLOEXEC before spawning init   
    - CVE-2024-21626

Date: 2024-01-24 11:59:15.269682+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/runc/1.1.7-0ubuntu1~22.04.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list