Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 30: FEDORA-2019-bc70b381ad Moderate: Runc Container Escape Risk

fedora
Calendar Grey May 2, 2019
Dist Fedora Esm H88
An update in Fedora resolves runc vulnerabilities on systems where SELinux is turned off, improving the security and administration of containers.
This runc version should fix the keycreate issues on SELinux disabled machines

Summary

The runc command can be used to start containers which are packaged

in accordance with the Open Container Initiative's specifications,

and to manage containers running under runc.

This runc version should fix the keycreate issues on SELinux disabled machines.

---- Latest upstream

* Wed Apr 24 2019 Daniel Walsh - 2:1.0.0-92.dev.gitc1b8c57a

- Fix issue with runc failing on SELinux disabled machines

* Fri Apr 19 2019 Daniel Walsh - 2:1.0.0-91.dev.gitda202113

- Revert Build with nokmem

* Wed Apr 17 2019 Daniel Walsh - 2:1.0.0-90.dev.gitda202113

- Build with nokmem

* Thu Apr 4 2019 Lokesh Mandvekar (Bot) - 2:1.0.0-89.dev.git029124d

- autobuilt 029124d

* Wed Apr 3 2019 Lokesh Mandvekar (Bot) - 2:1.0.0-88.dev.git6a3f474

- autobuilt 6a3f474

* Thu Mar 28 2019 Daniel Walsh - 2:1.0.0-87.dev.gitda202113

- release candidate 7

* Sat Mar 23 2019 Lokesh Mandvekar (Bot) - 2:1.0.0-86.dev.git11fc498

- autobuilt 11fc498

[ 1 ] Bug #1699326 - podman Error: error reading container (probably exited) json message: EOF

https://bugzilla.redhat.com/show_bug.cgi?id=1699326

[ 2 ] Bug #1674490 - CVE-2019-5736 container-tools:2018.0/runc: Execution of malicious containers allows for container escape and access to host filesystem [fedora-29]

https://bugzilla.redhat.com/show_bug.cgi?id=1674490

su -c 'dnf upgrade --advisory FEDORA-2019-bc70b381ad' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora threat mitigation runc container escape SELinux fix

Change Log

References

Update Instructions

Product: Fedora 30
Version: 1.0.0
Release: 92.dev.gitc1b8c57.fc30
URL: https://github.com/opencontainers/runc
Summary: CLI for running Open Containers

Topics%20covered

Topics Covered

security advisory Fedora threat mitigation runc container escape SELinux fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here