openSUSE: 2021:4171-1 moderate: runc

Advisories


   openSUSE Security Update: Security update for runc
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:4171-1
Rating:             moderate
References:         #1193436 
Cross-References:   CVE-2021-43784
CVSS scores:
                    CVE-2021-43784 (NVD) : 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for runc fixes the following issues:

   Update to runc v1.0.3.

   * CVE-2021-43784: Fixed a potential vulnerability related to the internal
     usage
     of netlink, which is believed to not be exploitable with any released
      versions of runc (bsc#1193436)
   * Fixed inability to start a container with read-write bind mount of a
     read-only fuse host mount.
   * Fixed inability to start when read-only /dev in set in spec.
   * Fixed not removing sub-cgroups upon container delete, when rootless
     cgroup v2 is used with older systemd.
   * Fixed returning error from GetStats when hugetlb is unsupported (which
     causes excessive logging for kubernetes).


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2021-4171=1



Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      runc-1.0.3-27.1
      runc-debuginfo-1.0.3-27.1


References:

   https://www.suse.com/security/cve/CVE-2021-43784.html
   https://bugzilla.suse.com/1193436

openSUSE: 2021:4171-1 moderate: runc

December 23, 2021
An update that fixes one vulnerability is now available

Description

This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes).

Patch

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-4171=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): runc-1.0.3-27.1 runc-debuginfo-1.0.3-27.1

References

https://www.suse.com/security/cve/CVE-2021-43784.html https://bugzilla.suse.com/1193436

Severity
Announcement ID: openSUSE-SU-2021:4171-1
Rating: moderate
Affected Products: openSUSE Leap 15.3 .

Related News

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.