RedHat: RHSA-2022-8090:01 Low: runc security update | LinuxSecurity...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: runc security update
Advisory ID:       RHSA-2022:8090-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8090
Issue date:        2022-11-15
CVE Names:         CVE-2022-29162 
=====================================================================

1. Summary:

An update for runc is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The runC tool is a lightweight, portable implementation of the Open
Container Format (OCF) that provides container runtime.

Security Fix(es):

* runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2086398 - CVE-2022-29162 runc: incorrect handling of inheritable capabilities

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
runc-1.1.4-1.el9.src.rpm

aarch64:
runc-1.1.4-1.el9.aarch64.rpm
runc-debuginfo-1.1.4-1.el9.aarch64.rpm
runc-debugsource-1.1.4-1.el9.aarch64.rpm

ppc64le:
runc-1.1.4-1.el9.ppc64le.rpm
runc-debuginfo-1.1.4-1.el9.ppc64le.rpm
runc-debugsource-1.1.4-1.el9.ppc64le.rpm

s390x:
runc-1.1.4-1.el9.s390x.rpm
runc-debuginfo-1.1.4-1.el9.s390x.rpm
runc-debugsource-1.1.4-1.el9.s390x.rpm

x86_64:
runc-1.1.4-1.el9.x86_64.rpm
runc-debuginfo-1.1.4-1.el9.x86_64.rpm
runc-debugsource-1.1.4-1.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-29162
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY3PhJ9zjgjWX9erEAQglkQ/+NMfaKI3svFA8CoZJjJxelGD7l5Q1fw+r
5rNT54DLvkHMqsx63bIs07+jMXmbzUQgCBUub8yWI7pkTdGnq9KsRvsElLwnOWAN
elSl2ReDtUmynMubZrlWYZ93RdkOXAfWlzV4MYW7GnCu6TGokkdC/a0VBEOh/h4C
RtIiXsvDI5frm9XYIPAMicI8FUR56ONR1Cob3Z2Pe9i63dAs4WXxVm/Cv11WyzQf
+sqWACstPa87iY6NAak+8Kbw4nCEmGxRQR9z9vfQEUxG0y9DxExMkusKTm1Gx2SS
lQ4YLcpkDtIpcoebcNMgR2G79+JEgezIF2rFV7euqX2hYPnhlHJTN5R9vnNIwLwL
KyuLiRrRn9dIpXnUIhDqknOZmu8GnUIBmEYf5ibU2IdLCI5cC5U93QIN8NnW/0Jf
SGlrtnc+pgT4/Pnrrh40odxerL8GwxFX0qPg0Jqta5wp3JuO3E7pXWZMNUBd5Npu
mYmX3Vncsz34mNi83fDtFzgwh24BB9NuOk5X2M392Yrn6I0yAO+nxGouakeSFNdm
TC072mzT/7Di1Q/Tkz7/oh3C1Xj1ub/YIJDBYcVyHQ3HNcR2nHJC2OhQMOqgLFEc
Ie0qLhk33CcbWh5JcNi8+zAQBLKT5E/Ii0o0Wp9KvfWkkW+HEoAFHqsjhl/lql6s
V8IOomEs/qU=
=KNI1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-8090:01 Low: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9

Summary

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* runc: incorrect handling of inheritable capabilities (CVE-2022-29162)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 9):
Source: runc-1.1.4-1.el9.src.rpm
aarch64: runc-1.1.4-1.el9.aarch64.rpm runc-debuginfo-1.1.4-1.el9.aarch64.rpm runc-debugsource-1.1.4-1.el9.aarch64.rpm
ppc64le: runc-1.1.4-1.el9.ppc64le.rpm runc-debuginfo-1.1.4-1.el9.ppc64le.rpm runc-debugsource-1.1.4-1.el9.ppc64le.rpm
s390x: runc-1.1.4-1.el9.s390x.rpm runc-debuginfo-1.1.4-1.el9.s390x.rpm runc-debugsource-1.1.4-1.el9.s390x.rpm
x86_64: runc-1.1.4-1.el9.x86_64.rpm runc-debuginfo-1.1.4-1.el9.x86_64.rpm runc-debugsource-1.1.4-1.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2022:8090-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8090
Issued Date: : 2022-11-15
CVE Names: CVE-2022-29162

Topic

An update for runc is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

2086398 - CVE-2022-29162 runc: incorrect handling of inheritable capabilities

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.