* [Buildroot] [git commit branch/2016.11.x] runc: security bump to fix CVE-2016-9962
@ 2017-01-23 14:51 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2017-01-23 14:51 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=b13040fa27baf8fcb412aca3624fd1426ab598cc
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2016.11.x
RunC allowed additional container processes via runc exec to be ptraced by
the pid 1 of the container. This allows the main processes of the
container, if running as root, to gain access to file-descriptors of these
new processes during the initialization and can lead to container escapes or
modification of runC state before the process is fully placed inside the
container.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d6706dc430ebb1dade6f90a8d45503c23abec99d)
---
package/runc/runc.hash | 2 +-
package/runc/runc.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/runc/runc.hash b/package/runc/runc.hash
index 5b5400e..0b6a24f 100644
--- a/package/runc/runc.hash
+++ b/package/runc/runc.hash
@@ -1,2 +1,2 @@
# Locally computed
-sha256 638742c48426b9a3281aeb619e27513d972de228bdbd43b478baea99c186d491 runc-v1.0.0-rc2.tar.gz
+sha256 374822cc2895ed3899b7a3a03b566413ea782fccec1307231f27894e9c6d5bea runc-50a19c6ff828c58e5dab13830bd3dacde268afe5.tar.gz
diff --git a/package/runc/runc.mk b/package/runc/runc.mk
index 661872c..95afcaa 100644
--- a/package/runc/runc.mk
+++ b/package/runc/runc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-RUNC_VERSION = v1.0.0-rc2
+RUNC_VERSION = 50a19c6ff828c58e5dab13830bd3dacde268afe5
RUNC_SITE = $(call github,opencontainers,runc,$(RUNC_VERSION))
RUNC_LICENSE = Apache-2.0
RUNC_LICENSE_FILES = LICENSE
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-01-23 14:51 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-23 14:51 [Buildroot] [git commit branch/2016.11.x] runc: security bump to fix CVE-2016-9962 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.