USN-4867-1: runC vulnerabilities
10 August 2021
Several security issues were fixed in runC.
Releases
Packages
- runc - Open Container Project
Details
It was discovered that runC incorrectly checked mount targets. An attacker
with a malicious container image could possibly mount over the /proc
directory and escalate privileges. (CVE-2019-16884)
Etienne Champetier discovered that runC incorrectly checked mount targets.
An attacker with a malicious container image could possibly mount the host
filesystem into the container and escalate privileges. (CVE-2021-30465)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
runc
-
1.0.0~rc7+git20190403.029124da-0ubuntu1~16.04.4+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-4297-1: golang-github-opencontainers-runc-dev, runc
- USN-4960-1: golang-github-opencontainers-runc-dev, runc