UbuntuUpdates.org

Package "runc"

Name: runc

Description: Open Container Project - runtime

Latest version: 1.1.4-0ubuntu1~18.04.2
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: https://github.com/opencontainers/runc

Other versions of "runc" in Bionic

Repository Area Version
base universe 1.0.0~rc4+dfsg1-6
security universe 1.1.4-0ubuntu1~18.04.2

Changelog

Version: 1.1.4-0ubuntu1~18.04.2 2023-05-17 16:07:19 UTC

  runc (1.1.4-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * d/p/lp2013318-fix-device-files-in-containers.patch: Fix inability to use
    device files such as /dev/null in containers (LP: #2013318)
  * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
    - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
      /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
      in libcontainer/rootfs_linux.go.
    - CVE-2023-25809
  * SECURITY UPDATE: Incorrect access control through /proc and /sys
    - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
      /sys to be symlinks in libcontainer/rootfs_linux.go.
    - CVE-2023-27561
    - CVE-2023-28642

 -- David Fernandez Gonzalez <email address hidden> Tue, 16 May 2023 12:07:05 +0200

2013318 Inability to use some devices when inside a container
CVE-2023-25809 runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes
CVE-2023-27561 runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an att
CVE-2023-28642 runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` in

Version: 1.1.4-0ubuntu1~18.04.1 2023-03-10 00:06:58 UTC

  runc (1.1.4-0ubuntu1~18.04.1) bionic; urgency=medium

  * Backport version 1.1.4-0ubuntu1 from Lunar (LP: #1996909).
    - d/control: b-d on golang-1.18-go instead of golang-any.
    - d/rules: build with Golang 1.18.
    - d/rules: set GO111MODULE to off.
    - d/rules: set GOCACHE.

 -- Lucas Kanashiro <email address hidden> Thu, 17 Nov 2022 14:05:31 -0300

Version: 1.1.0-0ubuntu1~18.04.1 2022-11-21 12:06:18 UTC

  runc (1.1.0-0ubuntu1~18.04.1) bionic; urgency=medium

  * Backport version 1.1.0-0ubuntu1 from Jammy (LP: #1960449).
    - Build with Golang 1.16
      + d/control: b-d on golang-1.16-go instead of golang-any.
      + d/rules: add Golang 1.16 to $PATH.
    - d/rules: set GO111MODULE to off, to avoid Internet connection during the
      build.
    - d/rules: set GOCACHE to build directory.

 -- Lucas Kanashiro <email address hidden> Thu, 31 Mar 2022 16:03:03 -0300

Version: 1.0.1-0ubuntu2~18.04.1 2021-11-04 19:07:25 UTC

  runc (1.0.1-0ubuntu2~18.04.1) bionic; urgency=medium

  * Backport version 1.0.1-0ubuntu2 from Impish (LP: #1938908).
    - Build with Golang 1.13
      + d/control: b-d on golang-1.13-go instead of golang-any.
      + d/rules: add Golang 1.13 to $PATH.
    - d/rules: set GOPATH to a temporary directory.
    - d/rules: set GO111MODULE to off, to avoid Internet connection during the
      build.

Version: 1.0.0~rc95-0ubuntu1~18.04.2 2021-07-26 16:06:23 UTC

  runc (1.0.0~rc95-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * No change rebuild in -security pocket. (LP: #1937286)

 -- Marc Deslauriers <email address hidden> Fri, 23 Jul 2021 14:46:29 -0400



