[ubuntu/mantic-proposed] runc 1.1.4-0ubuntu4 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Wed May 17 12:05:13 UTC 2023 

runc (1.1.4-0ubuntu4) mantic; urgency=medium

  * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
    - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
      /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
      in libcontainer/rootfs_linux.go.
    - CVE-2023-25809
  * SECURITY UPDATE: Incorrect access control through /proc and /sys
    - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
      /sys to be symlinks in libcontainer/rootfs_linux.go.
    - CVE-2023-27561
    - CVE-2023-28642

Date: Mon, 15 May 2023 13:20:53 +0200
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/runc/1.1.4-0ubuntu4
-------------- next part --------------
Format: 1.8
Date: Mon, 15 May 2023 13:20:53 +0200
Source: runc
Built-For-Profiles: noudeb
Architecture: source
Version: 1.1.4-0ubuntu4
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Changes:
 runc (1.1.4-0ubuntu4) mantic; urgency=medium
 .
   * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
     - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
       /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
       in libcontainer/rootfs_linux.go.
     - CVE-2023-25809
   * SECURITY UPDATE: Incorrect access control through /proc and /sys
     - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
       /sys to be symlinks in libcontainer/rootfs_linux.go.
     - CVE-2023-27561
     - CVE-2023-28642
Checksums-Sha1:
 cc268d4c8de82b4a64a60474f75be1e70b8b7509 2396 runc_1.1.4-0ubuntu4.dsc
 8846c7422e6c0489934477678be6101837080046 13836 runc_1.1.4-0ubuntu4.debian.tar.xz
 38da4de61ea37fabc15b62176fb3752ec256b6d4 6615 runc_1.1.4-0ubuntu4_source.buildinfo
Checksums-Sha256:
 afbb36c9ad5c10b9ed5fd508aa791117a2d36410c81ec548f20697e49f4be1c2 2396 runc_1.1.4-0ubuntu4.dsc
 7b12dcd51ac078dd9da82534baa8f656fb5854a72f7731d73c04d4ea804236fc 13836 runc_1.1.4-0ubuntu4.debian.tar.xz
 d82cb0e083fde1a1f1794409de648db700d02717c7dcffc7eecb8e16591701db 6615 runc_1.1.4-0ubuntu4_source.buildinfo
Files:
 aeefcd2467b0712672544b22cab32b8b 2396 devel optional runc_1.1.4-0ubuntu4.dsc
 0aa90ac1f3f789ec3995b4d8bde645d0 13836 devel optional runc_1.1.4-0ubuntu4.debian.tar.xz
 9566bb9532f5ee593f0b2390aa49650f 6615 devel optional runc_1.1.4-0ubuntu4_source.buildinfo
Original-Maintainer: Debian Go Packaging Team <pkg-go-maintainers at lists.alioth.debian.org>

More information about the mantic-changes mailing list