[USN-6619-1] runC vulnerability

Wed Jan 31 20:48:06 UTC 2024

==========================================================================
Ubuntu Security Notice USN-6619-1
January 31, 2024

runc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

runC could be made to expose sensitive information or allow to escape
contianers.

Software Description:
- runc: Open Container Project

Details:

Rory McNamara discovered that runC did not properly manage internal file
descriptor while managing containers. An attacker could possibly use this
issue to obtain sensitive information or bypass container restrictions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  runc                            1.1.7-0ubuntu2.2

Ubuntu 22.04 LTS:
  runc                            1.1.7-0ubuntu1~22.04.2

Ubuntu 20.04 LTS:
  runc                            1.1.7-0ubuntu1~20.04.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  runc                            1.1.4-0ubuntu1~18.04.2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6619-1
  CVE-2024-21626

Package Information:
  https://launchpad.net/ubuntu/+source/runc/1.1.7-0ubuntu2.2
  https://launchpad.net/ubuntu/+source/runc/1.1.7-0ubuntu1~22.04.2
  https://launchpad.net/ubuntu/+source/runc/1.1.7-0ubuntu1~20.04.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240201/28da6dc9/attachment.sig>