Fedora 33 DIS-2021-ec00da7faa Moderate: DoS Threat for Runc Security

The runc command can be used to start containers which are packaged

in accordance with the Open Container Initiative's specifications,

and to manage containers running under runc.

- crun and runc both `Provides: oci-runtime`. - containers-common now has

`Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by

default unless runc is already installed. ---- buildah: Security fix for

CVE-2021-20291 Autobuilt v1.20.1

* Wed Apr 21 2021 Lokesh Mandvekar - 2:1.0.0-377.rc93

- add Provides: oci-runtime in the right place

* Tue Apr 13 2021 Lokesh Mandvekar - 2:1.0.0-376.dev.git12644e6

- unversioned Provides: oci-runtime

- runc package will also provide an unversioned Provides: oci-runtime.

- user should pull in runc separately or else it will install crun by default

(alphabetical order)

- similar situation as caddy, httpd, lighttpd and nginx having Provides: webserver

[ 1 ] Bug #1939485 - CVE-2021-20291 containers/storage: DoS via malicious image

https://bugzilla.redhat.com/show_bug.cgi?id=1939485

su -c 'dnf upgrade --advisory FEDORA-2021-ec00da7faa' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure