[Buildroot] [PATCH 2/2] runc: security bump to fix CVE-2016-9962

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 2/2] runc: security bump to fix CVE-2016-9962
Date: Sun, 22 Jan 2017 22:39:56 +0100	[thread overview]
Message-ID: <20170122213956.1805-2-peter@korsgaard.com> (raw)
In-Reply-To: <20170122213956.1805-1-peter@korsgaard.com>

RunC allowed additional container processes via runc exec to be ptraced by
the pid 1 of the container.  This allows the main processes of the
container, if running as root, to gain access to file-descriptors of these
new processes during the initialization and can lead to container escapes or
modification of runC state before the process is fully placed inside the
container.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/runc/runc.hash | 2 +-
 package/runc/runc.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/runc/runc.hash b/package/runc/runc.hash
index 5b5400eee..0b6a24ffc 100644
--- a/package/runc/runc.hash
+++ b/package/runc/runc.hash
@@ -1,2 +1,2 @@
 # Locally computed
-sha256 638742c48426b9a3281aeb619e27513d972de228bdbd43b478baea99c186d491  runc-v1.0.0-rc2.tar.gz
+sha256 374822cc2895ed3899b7a3a03b566413ea782fccec1307231f27894e9c6d5bea  runc-50a19c6ff828c58e5dab13830bd3dacde268afe5.tar.gz
diff --git a/package/runc/runc.mk b/package/runc/runc.mk
index 661872c96..95afcaaff 100644
--- a/package/runc/runc.mk
+++ b/package/runc/runc.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-RUNC_VERSION = v1.0.0-rc2
+RUNC_VERSION = 50a19c6ff828c58e5dab13830bd3dacde268afe5
 RUNC_SITE = $(call github,opencontainers,runc,$(RUNC_VERSION))
 RUNC_LICENSE = Apache-2.0
 RUNC_LICENSE_FILES = LICENSE
-- 
2.11.0

next prev parent reply	other threads:[~2017-01-22 21:39 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-22 21:39 [Buildroot] [PATCH 1/2] docker-engine: security bump to version 1.12.6 Peter Korsgaard
2017-01-22 21:39 ` Peter Korsgaard [this message]
2017-01-23  8:09 ` Thomas Petazzoni

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5b5400ee dfblob:0b6a24ff dfblob:661872c9 dfblob:95afcaaf )
 OR (
bs:"[Buildroot] [PATCH 2/2] runc: security bump to fix CVE-2016-9962" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170122213956.1805-2-peter@korsgaard.com \
    --to=peter@korsgaard.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox