77be7b777c
release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.5
diff: https://github.com/opencontainers/runc/compare/v1.1.4...v1.1.5

This is the fifth patch release in the 1.1.z series of runc, which fixes three CVEs found in runc.

* CVE-2023-25809 is a vulnerability involving rootless containers where (under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda.
  <https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc>

* CVE-2023-27561 was a regression which effectively re-introduced CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This regression was discovered by @Beuc.
  <https://github.com/advisories/GHSA-vpvm-3wq2-2wvm>

* CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the same patch. This variant of the above vulnerability was reported by Lei Wang.
  <https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c>

In addition, the following other fixes are included in this release:

* Fix the inability to use `/dev/null` when inside a container.
* Fix changing the ownership of host's `/dev/null` caused by fd redirection (a regression in 1.1.1).
* Fix rare runc exec/enter unshare error on older kernels, including CentOS < 7.7.
* nsexec: Check for errors in `write_log()`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>