* [Buildroot] [PATCH 1/1] package/runc: security bump to v1.1.2
@ 2022-06-01 18:10 Christian Stewart via buildroot
2022-06-01 21:14 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 3+ messages in thread
From: Christian Stewart via buildroot @ 2022-06-01 18:10 UTC (permalink / raw)
To: buildroot; +Cc: Christian Stewart, Yann E . MORIN, Thomas Petazzoni
Fixes CVE-2022-29162
Minor security issue (which appears to not be exploitable) related to process
capabilities.
A bug was found in runc where runc exec --cap executed processes with ble Linux
process capabilities, creating an atypical Linux environment. For more
information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
runc spec no longer sets any inheritable capabilities in the created example OCI
spec (config.json) file.
https://github.com/opencontainers/runc/releases/tag/v1.1.2
Signed-off-by: Christian Stewart <christian@paral.in>
---
package/runc/runc.hash | 2 +-
package/runc/runc.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/runc/runc.hash b/package/runc/runc.hash
index fe3c4cc488..f8133d13c1 100644
--- a/package/runc/runc.hash
+++ b/package/runc/runc.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 11a34535c108b36fd59de58e7bef3a130444c9ea41e4b8bb8f8d4654c8ad654c runc-1.1.1.tar.gz
+sha256 0ccce82b1d9c058d8fd7443d261c96fd7a803f2775bcb1fec2bdb725bc7640f6 runc-1.1.2.tar.gz
sha256 552a739c3b25792263f731542238b92f6f8d07e9a488eae27e6c4690038a8243 LICENSE
diff --git a/package/runc/runc.mk b/package/runc/runc.mk
index 2618b71f63..5faa8b683d 100644
--- a/package/runc/runc.mk
+++ b/package/runc/runc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-RUNC_VERSION = 1.1.1
+RUNC_VERSION = 1.1.2
RUNC_SITE = $(call github,opencontainers,runc,v$(RUNC_VERSION))
RUNC_LICENSE = Apache-2.0, LGPL-2.1 (libseccomp)
RUNC_LICENSE_FILES = LICENSE
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/runc: security bump to v1.1.2
2022-06-01 18:10 [Buildroot] [PATCH 1/1] package/runc: security bump to v1.1.2 Christian Stewart via buildroot
@ 2022-06-01 21:14 ` Thomas Petazzoni via buildroot
2022-06-07 13:59 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-06-01 21:14 UTC (permalink / raw)
To: Christian Stewart via buildroot; +Cc: Yann E . MORIN
On Wed, 1 Jun 2022 11:10:47 -0700
Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
> Fixes CVE-2022-29162
>
> Minor security issue (which appears to not be exploitable) related to process
> capabilities.
>
> A bug was found in runc where runc exec --cap executed processes with ble Linux
> process capabilities, creating an atypical Linux environment. For more
> information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
>
> runc spec no longer sets any inheritable capabilities in the created example OCI
> spec (config.json) file.
>
> https://github.com/opencontainers/runc/releases/tag/v1.1.2
>
> Signed-off-by: Christian Stewart <christian@paral.in>
> ---
> package/runc/runc.hash | 2 +-
> package/runc/runc.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/runc: security bump to v1.1.2
2022-06-01 21:14 ` Thomas Petazzoni via buildroot
@ 2022-06-07 13:59 ` Peter Korsgaard
0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-06-07 13:59 UTC (permalink / raw)
To: Thomas Petazzoni via buildroot; +Cc: Yann E . MORIN, Thomas Petazzoni
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:
> On Wed, 1 Jun 2022 11:10:47 -0700
> Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
>> Fixes CVE-2022-29162
>>
>> Minor security issue (which appears to not be exploitable) related to process
>> capabilities.
>>
>> A bug was found in runc where runc exec --cap executed processes with ble Linux
>> process capabilities, creating an atypical Linux environment. For more
>> information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
>>
>> runc spec no longer sets any inheritable capabilities in the created example OCI
>> spec (config.json) file.
>>
>> https://github.com/opencontainers/runc/releases/tag/v1.1.2
>>
>> Signed-off-by: Christian Stewart <christian@paral.in>
>> ---
>> package/runc/runc.hash | 2 +-
>> package/runc/runc.mk | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
> Applied to master, thanks.
Committed to 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-06-07 13:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-06-01 18:10 [Buildroot] [PATCH 1/1] package/runc: security bump to v1.1.2 Christian Stewart via buildroot
2022-06-01 21:14 ` Thomas Petazzoni via buildroot
2022-06-07 13:59 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox