Headline
Debian Security Advisory 5615-1
Debian Linux Security Advisory 5615-1 - It was discovered that runc, a command line client for running applications packaged according to the Open Container Format (OCF), was susceptible to multiple container break-outs due to an internal file descriptor leak.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5615-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffFebruary 04, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : runcCVE ID : CVE-2024-21626It was discovered that runc, a command line client for runningapplications packaged according to the Open Container Format (OCF), wassuspectible to multiple container breakouts due to an internal filedescriptor leak.For the oldstable distribution (bullseye), this problem has been fixedin version 1.0.0~rc93+ds1-5+deb11u3.For the stable distribution (bookworm), this problem has been fixed inversion 1.1.5+ds1-1+deb12u1.We recommend that you upgrade your runc packages.For the detailed security status of runc please refer toits security tracker page at:https://security-tracker.debian.org/tracker/runcFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmW/2/oACgkQEMKTtsN8TjbbzxAAh2354+lngRRQ7hLtEYgFa8SrkJmgIAMPvR5S1fNWh60wOdUG1690QuzxQm19ZpcF/QJFw6yefECYHWMzmqBJiv2WNadGOT7S9YqZ+ILz/ohwA+1HjH92F/Xl5BTA+Rg9O2hTSqGdDUB8qPpz0/mBin89m1B0y6xpLgF2C/3NiNkOeiuSmVcMsAc/h64VovNPuRGz3/VcPPyO85avjL6ZXEA9L48dPoliTzonNOk+DRgYb4YsFTP1T0RcyrchTLljMkCx2l8gVWKD0BLtH8wDO12kOAlAtnPN9ufB9FXfe9axobvOYalYzOca5/kvRVZ246GwyUG+OM9y01AJsZzKMHnqcT8T3q27FRGu9OFYMN0gONnTLiwEYrjxonzBApm0OPg5XqflRTxVL154tIQi9jmyxGDsHdRmtBCeQw2B7bvoX/bpFijcjvP3FLSWkKmduGocrYm4FgnwiYgh4714fo56HZG4x9u+Y4iplPQWlnv9dEVAzw/oUGr+z0s1TJLfZYEZSpmju2e7afiZbRHdB7YBx8wj02R7yIJJF2sF3tk5eo2UpRJzBSwaolek8b4PcQBsT5h8UAmT0z6WhSFOXwjhmkMD61OFUoPEmWlXJz9VbbWuqmd4R23iYq3r9nkaieQutrbc+i7EXMUT42ogZgOFBG1mQPXeL8PECXfnazs==H2CG-----END PGP SIGNATURE-----Related news
Gentoo Linux Security Advisory 202408-25 - Multiple vulnerabilities have been discovered in runc, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.1.12 are affected.
Red Hat Security Advisory 2024-4597-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.
Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let’s start with my open source projects. Vulremi A simple vulnerability remediation utility, Vulremi, now has a logo and […]
Red Hat Security Advisory 2024-0764-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-0760-03 - An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-0759-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-0758-03 - An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-0757-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-0756-03 - An update for runc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Security Advisory 2024-0752-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-0717-03 - An update for runc is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Security Advisory 2024-0670-03 - An update for runc is now available for Red Hat Enterprise Linux 9.
runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.
Ubuntu Security Notice 6619-1 - Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions.
### Impact In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from `runc exec`) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through `runc run` ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). Strictly speaking, while attack 3a is the most severe from a CVSS perspective, attacks 2 and 3b are arguably more dangerous in practice because they allow for a breakout from inside a container as opposed to requiring a user execute a malicious image. The reason attacks 1 and 3a are scored higher is because being able to socially engineer users is treated as a given for UI:R ...
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk. "These container