runc-1.1.12-4.el9_4

エラータID: AXSA:2024-8755:05

Release date: 
Wednesday, September 4, 2024 - 16:20
Subject: 
runc-1.1.12-4.el9_4
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.

Security Fix(es):

* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-24783
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

Solution: 

Update packages.

CVEs: 
CVE-2024-24783
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
Additional Info: 

N/A

Download: 

SRPMS
  1. runc-1.1.12-4.el9_4.src.rpm
    MD5: 92b443959f13247a478585a297ab26ae
    SHA-256: 0c08a9df7fb6c7ed6c9d25fe6b1111bb8d66783182bfca466ea5d8dce93926a6
    Size: 2.38 MB

Asianux Server 9 for x86_64
  1. runc-1.1.12-4.el9_4.x86_64.rpm
    MD5: abb9f03c7b411fc46eccb13d94c59b1f
    SHA-256: a623b11e4f8119bb9dc60e4ea5b3783efdf53b746a765e5507bd24e45c2ffad0
    Size: 3.12 MB