crun-1.27-1.el9_7
エラータID: AXSA:2026-411:02
Release date:
Tuesday, April 7, 2026 - 21:24
Subject:
crun-1.27-1.el9_7
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
crun is a OCI runtime
Security Fix(es):
* crun: crun: Privilege escalation due to incorrect parsing of the `--user` option (CVE-2026-30892)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
Solution:
Update packages.
CVEs:
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
Additional Info:
N/A
Download:
SRPMS
- crun-1.27-1.el9_7.src.rpm
MD5: b0796af03e8b023f98549bc406c5a77b
SHA-256: 00eee941341f024508b3873c2fcd9349befebb99dba3d53353b1fe2091d4ba41
Size: 880.88 kB
Asianux Server 9 for x86_64
- crun-1.27-1.el9_7.x86_64.rpm
MD5: 11c38968b2b7ca82b98638c89a503591
SHA-256: 842a673e267f6b3758527317aa1a70ba044a0c13cb32bec9511e6a0183c8b70f
Size: 255.51 kB