UbuntuUpdates.org

Package "golang-github-opencontainers-runc-dev"

Name: golang-github-opencontainers-runc-dev

Description:

Open Container Project - development files
Latest version: 1.1.7-0ubuntu1~22.04.5
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: runc
Homepage: https://github.com/opencontainers/runc

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "golang-github-opencontainers-runc-dev"

All arch deb package
APT INSTALL

Other versions of "golang-github-opencontainers-runc-dev" in Jammy

Repository Area Version
base universe 1.1.0-0ubuntu1
security universe 1.1.7-0ubuntu1~22.04.5

Changelog

Version: 1.1.7-0ubuntu1~22.04.5 2024-07-10 11:07:23 UTC

  runc (1.1.7-0ubuntu1~22.04.5) jammy-security; urgency=medium

  * No change rebuild due to golang-1.21 update

 -- Nishit Majithia <email address hidden> Wed, 10 Jul 2024 09:51:49 +0530
Source diff to previous version

Version: 1.1.7-0ubuntu1~22.04.4 2024-06-10 11:07:17 UTC

  runc (1.1.7-0ubuntu1~22.04.4) jammy; urgency=medium

  * d/t/control: remove basic-smoke test since it depends on runc binary now
    provided by src:runc-app.
Source diff to previous version

Version: 1.1.7-0ubuntu1~22.04.2 2024-02-01 03:07:14 UTC

  runc (1.1.7-0ubuntu1~22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: container escape vulnerability
    - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
    - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
      init: verify after chdir that cwd is inside the container
    - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
      setns init: do explicit lookup of execve argument early
    - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
      internal fds before execve
    - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
      plug leaks of /sys/fs/cgroup handle
    - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
      ibcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    - CVE-2024-21626

 -- Nishit Majithia <email address hidden> Wed, 24 Jan 2024 16:40:36 +0530
Source diff to previous version

Version: 1.1.7-0ubuntu1~22.04.1 2023-08-02 06:07:03 UTC

  runc (1.1.7-0ubuntu1~22.04.1) jammy; urgency=medium

  * Backport version from Mantic to Jammy (LP: #2023694).

 -- Lucas Kanashiro <email address hidden> Fri, 30 Jun 2023 17:42:42 -0300
Source diff to previous version

Version: 1.1.4-0ubuntu1~22.04.3 2023-05-17 16:07:26 UTC

  runc (1.1.4-0ubuntu1~22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
    - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
      /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
      in libcontainer/rootfs_linux.go.
    - CVE-2023-25809
  * SECURITY UPDATE: Incorrect access control through /proc and /sys
    - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
      /sys to be symlinks in libcontainer/rootfs_linux.go.
    - CVE-2023-27561
    - CVE-2023-28642

 -- David Fernandez Gonzalez <email address hidden> Mon, 15 May 2023 12:31:53 +0200
CVE-2023-25809 runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes
CVE-2023-27561 runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an att
CVE-2023-28642 runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` in


About   -   Send Feedback to @ubuntu_updates