[SECURITY] [DLA 2841-1] runc security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2841-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
December 06, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : runc
Version        : 0.1.1+dfsg1-2+deb9u3
CVE ID         : CVE-2021-43784

It was discovered that there was an overflow issue in runc, the
runtime for the Open Container Project, often used with Docker.

The Netlink 'bytemsg' length field could have allowed an attacker to
override Netlink-based container configurations. This vulnerability
required the attacker to have some control over the configuration of
the container, but would have allowed the attacker to bypass the
namespace restrictions of the container by simply adding their own
Netlink payload which disables all namespaces.
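
The class of bug described above, as an added Go example that is not code from this advisory or from runc: a length written into a fixed-width field without a bounds check wraps silently, while the hardened encoder rejects the oversized value. It assumes a 16-bit length field as in a Netlink attribute header and little-endian byte order; the names `uncheckedLen`, `encodeAttr` and `ErrAttrTooLong` and the sample values are hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Netlink attribute header: 16-bit length followed by 16-bit type.
const attrHdrLen = 4

// ErrAttrTooLong is a hypothetical error for values the header cannot describe.
var ErrAttrTooLong = errors.New("attribute does not fit 16-bit length field")

// uncheckedLen shows the flawed pattern: the size is cast to uint16 with
// no bounds check, so anything above 65535 wraps to a small number and
// the receiver stops reading the attribute long before its real end.
func uncheckedLen(payload []byte) uint16 {
	return uint16(attrHdrLen + len(payload))
}

// encodeAttr is the hardened form: it refuses any payload whose total
// length cannot be represented, instead of truncating the length.
func encodeAttr(typ uint16, payload []byte) ([]byte, error) {
	total := attrHdrLen + len(payload)
	if total > math.MaxUint16 {
		return nil, fmt.Errorf("%w: %d bytes", ErrAttrTooLong, total)
	}
	buf := make([]byte, (total+3)&^3) // pad to 4-byte Netlink alignment
	// Little-endian is an assumption; Netlink uses host byte order.
	binary.LittleEndian.PutUint16(buf[0:2], uint16(total))
	binary.LittleEndian.PutUint16(buf[2:4], typ)
	copy(buf[attrHdrLen:], payload)
	return buf, nil
}

func main() {
	big := make([]byte, 70000) // constructed oversized configuration value
	fmt.Printf("real length %d, unchecked header says %d\n",
		attrHdrLen+len(big), uncheckedLen(big))
	if _, err := encodeAttr(1, big); err != nil {
		fmt.Println("hardened encoder:", err)
	}
	ok, _ := encodeAttr(1, []byte("constructed-value"))
	fmt.Printf("small attribute encoded in %d bytes\n", len(ok))
}
```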

For Debian 9 "Stretch", this problem has been fixed in version
0.1.1+dfsg1-2+deb9u3.

We recommend that you upgrade your runc packages.

For the detailed security status of runc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/runc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----