Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 21.04: 4960-1 Critical: runC File Overwrite Threat

ubuntu
Calendar Grey May 19, 2021
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-4960-1 reveals a vulnerability in runC that permits unauthorized file replacements by potential intruders. Apply the patch immediately!
runC could be made to overwrite files as the administrator.

Summary

runC could be made to overwrite files as the administrator.

Software Description:

- runc: Open Container Project

Details:

Etienne Champetier discovered that runC incorrectly checked mount targets.

An attacker with a malicious container image could possibly mount the host

filesystem into the container and escalate privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  runc                            1.0.0~rc93-0ubuntu1.1

Ubuntu 20.10:
  runc                            1.0.0~rc93-0ubuntu1~20.10.2

Ubuntu 20.04 LTS:
  runc                            1.0.0~rc93-0ubuntu1~20.04.2

Ubuntu 18.04 LTS:
  runc                            1.0.0~rc93-0ubuntu1~18.04.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4960-1

CVE-2021-30465

Severity
critical
Lowest
Low
Medium
High
Critical

May 19, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here