Package "runc"

  runc (1.1.4-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * d/p/lp2013318-fix-device-files-in-containers.patch: Fix inability to use
    device files such as /dev/null in containers (LP: #2013318)
  * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
    - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
      /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
      in libcontainer/rootfs_linux.go.
    - CVE-2023-25809
  * SECURITY UPDATE: Incorrect access control through /proc and /sys
    - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
      /sys to be symlinks in libcontainer/rootfs_linux.go.
    - CVE-2023-27561
    - CVE-2023-28642

 -- David Fernandez Gonzalez <email address hidden> Tue, 16 May 2023 12:07:05 +0200

  runc (1.0.0~rc95-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * No change rebuild in -security pocket. (LP: #1937286)

 -- Marc Deslauriers <email address hidden> Fri, 23 Jul 2021 14:46:29 -0400

  runc (1.0.0~rc93-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: symlink exchange attack
    - debian/patches/CVE-2021-30465/*.patch: upstream patches to add mount
      destination validation.
    - CVE-2021-30465

 -- Eduardo Barretto <email address hidden> Thu, 13 May 2021 18:11:36 +0200

  runc (1.0.0~rc10-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * No change rebuild in the -security pocket.

 -- Marc Deslauriers <email address hidden> Mon, 09 Mar 2020 07:58:37 -0400

  runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * No change rebuild for the -security pocket