
Debian 10 Buster DLA-3369-1 Critical Runc Security Update

Debian LTS
March 27, 2023
Important notice regarding runc fixes for various vulnerabilities. Safeguard your Debian environment by updating runc components.
Multiple vulnerabilities were discovered in runc, the Open Container Project runtime, which is often used with virtualization environments such as Docker.

Summary

CVE-2019-16884

runc, as used in Docker and other products, allows AppArmor and
SELinux restriction bypass because libcontainer/rootfs_linux.go
incorrectly checks mount targets, and thus a malicious Docker
image can mount over a /proc directory.

CVE-2019-19921

runc has Incorrect Access Control leading to Escalation of
Privileges, related to libcontainer/rootfs_linux.go. To exploit
this, an attacker must be able to spawn two containers with custom
volume-mount configurations, and be able to run custom
images. (This vulnerability does not affect Docker due to an
implementation detail that happens to block the attack.)

CVE-2021-30465

runc allows a Container Filesystem Breakout via Directory
Traversal. To exploit the vulnerability, an attacker must be able
to create multiple containers with a fairly specific mount
configuration. The problem occurs via a symlink-exchange attack
that relies on a race condition.

CVE-2022-29162



Severity: critical

Package: runc
Version: 1.0.0~rc6+dfsg1-3+deb10u2
CVE ID: CVE-2019-16884 CVE-2019-19921 CVE-2021-30465 CVE-2022-29162
Debian Bug: 942026 988768
