GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sat Jul 10, 2021 6:26 am Post subject: [ GLSA 202107-26 ] runC |
 |
|
Gentoo Linux Security Advisory
Title: runC: Container breakout (GLSA 202107-26)
Severity: low
Exploitable: remote
Date: 2021-07-10
Bug(s): #790257
ID: 202107-26
Synopsis
A vulnerability has been found in runC which could result in
privilege escalation.
Background
runC is a CLI tool for spawning and running containers according to the
OCI specification.
Affected Packages
Package: app-emulation/runc
Vulnerable: < 1.0.0_rc95
Unaffected: >= 1.0.0_rc95
Architectures: All supported architectures
Description
A vulnerability in runC could allow an attacker to achieve privilege
escalation if specific mount configuration prerequisites are satisfied.
Impact
An attacker may be able to escalation privileges to gain access to the
host system.
Workaround
There is no known workaround at this time.
Resolution
All runC users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/runc-1.0.0_rc95"
|
References
CVE-2021-30465
Last edited by GLSA on Sat Jan 22, 2022 4:50 am; edited 2 times in total |
|
News & Announcements
