moby/hack/dockerfile/install
Sebastiaan van Stijn bc0fd3f617
update runc binary to v1.1.2
This is the second patch release of the runc 1.1 release branch. It
fixes CVE-2022-29162, a minor security issue (which appears to not be
exploitable) related to process capabilities.

This is a similar bug to the ones found and fixed in Docker and
containerd recently (CVE-2022-24769).

- A bug was found in runc where runc exec --cap executed processes with
  non-empty inheritable Linux process capabilities, creating an atypical Linux
  environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
- runc spec no longer sets any inheritable capabilities in the created
  example OCI spec (config.json) file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-12 13:51:12 +02:00
..
containerd.installer update containerd binary to v1.6.4 2022-05-04 10:58:08 +02:00
dockercli.installer ldmode=pie is not supported for the mips arch 2020-05-21 09:23:00 +08:00
install.sh ldmode=pie is not supported for the mips arch 2020-05-21 09:23:00 +08:00
rootlesskit.installer update RootlessKit to v1.0.0 2022-03-26 02:10:52 +09:00
runc.installer update runc binary to v1.1.2 2022-05-12 13:51:12 +02:00
tini.installer Dockerfile: use version for some utilities instead of commit-sha 2021-09-02 21:23:20 +02:00