RHSA-2023:6380MediumCVSS 7.8
Red Hat Security Advisory: runc security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2021-43784 — runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration
CVE-2022-41724 — golang: crypto/tls: large handshake records may cause panics
CVE-2023-25809 — runc: Rootless runc makes /sys/fs/cgroup writable
CVE-2023-27561 — runc: volume mount race condition (regression of CVE-2019-19921)
CVE-2023-28642 — runc: AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2023:6380
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2029439
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2175721
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2178492
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2182883
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2182884
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6380.json