openSUSE: 2025:0074-1 moderate security concern regarding crun

opensuse

February 24, 2025

An update that solves two vulnerabilities and has one errata is now available

Description

This update for crun fixes the following issues:

Update to 1.20:

* krun: fix CVE-2025-24965. The .krun_config.json file could be created

outside of the container rootfs. (bsc#1237421)

* cgroup: reverted the removal of tun/tap from the default allow list,

this was done in crun-1.5. The tun/tap device is now added by default

again.

* CRIU: do not set network_lock unless explicitly specified.

* status: disallow container names containing slashes in their name.

* linux: Improved error message when failing to set the

net.ipv4.ping_group_range sysctl.

* scheduler: Ignore ENOSYS errors when resetting the CPU affinity mask.

* linux: return a better error message when pidfd_open fails with EINVAL.

* cgroup: display the absolute path to cgroup.controllers when a

controller is unavailable.

* exec: always call setsid. Now processes created through exec get the

correct process group id.

Update to...

Read the Full Advisory

Topics Covered

security advisory moderate security update update vulnerability software fix system issue openSUSE crun Crun

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-74=1

Package List

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

crun-1.20-bp156.2.3.1

References

https://www.suse.com/security/cve/CVE-2024-21626.html

https://www.suse.com/security/cve/CVE-2025-24965.html

https://bugzilla.suse.com/show_bug.cgi?id=1217590

https://bugzilla.suse.com/show_bug.cgi?id=1218894

https://bugzilla.suse.com/show_bug.cgi?id=1237421

Announcement ID: openSUSE-SU-2025:0074-1

Rating: moderate

Affected Products: openSUSE Backports SLE-15-SP6 ble.

Topics Covered

security advisory moderate security update update vulnerability software fix system issue openSUSE crun Crun

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2025:0074-1 moderate security concern regarding crun

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2025:0074-1 moderate security concern regarding crun

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!