AXSA:2020-4524:01

Release date: Monday, March 23, 2020 - 15:44
Subject: runc-1.0.0-66.rc8.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides a container runtime.

Security Fix(es):

* runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-19921
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. runc-1.0.0-66.rc8.el7.src.rpm
    MD5: 151ad9be737d26684434efdbbb3a23fe
    SHA-256: 775024117bb66e386452b7f0cfbde786da2662e7b58646c442e2116157d433ff
    Size: 1.55 MB

Asianux Server 7 for x86_64
  1. runc-1.0.0-66.rc8.el7.x86_64.rpm
    MD5: 5afe76bd65c1af86ea86848a402f0d6e
    SHA-256: eaba8f87b2f5cb6880a00e592681419309ac82114fe9028ab797b971827023cd
    Size: 1.99 MB