From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] runc: bump to 6635b4f, fixes critical CVE-2019-5736
Date: Tue, 12 Feb 2019 10:20:55 +0100
Message-ID: <87d0nxwefc.fsf@dell.be.48ers.dk>
In-Reply-To: <20190212083818.20746-1-christian@paral.in> (Christian Stewart's message of "Tue, 12 Feb 2019 00:38:18 -0800")

>>>>> "Christian" == Christian Stewart <christian@paral.in> writes:

 > Runc has a bug and related CVE which enables code running in a container to
 > overwrite the runc binary, taking root control of the host system and escaping
 > containment. This commit upgrades Runc to fix the vulnerability.

 > Fixes: CVE-2019-5736
 > Signed-off-by: Christian Stewart <christian@paral.in>

I am working on this as well. The fix (I would prefer to just add commit
0a8e4117e7f715d as a patch for easy backport) uses fexecve, which isn't
available on uClibc, so we need to propagate that dependency to the
reverse dependencies.

I also recently added a unit test for docker / compose. This test uses a
prebuilt uClibc-based toolchain, so the test needs to be updated.

-- 
Bye, Peter Korsgaard
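
Added example, not part of the original message or of the Buildroot tree: a constructed Config.in fragment showing what propagating the fexecve constraint to reverse dependencies looks like in Kconfig. `BR2_PACKAGE_EXAMPLE_CONSUMER` is a hypothetical package, and the runc entry is trimmed to the lines relevant here.

```kconfig
# Constructed Buildroot Config.in fragment (illustration only).

config BR2_PACKAGE_RUNC
	bool "runc"
	# The patched runc calls fexecve(), which uClibc does not provide.
	depends on !BR2_TOOLCHAIN_USES_UCLIBC
	help
	  CLI tool for spawning and running containers.

comment "runc needs a glibc or musl toolchain"
	depends on BR2_TOOLCHAIN_USES_UCLIBC

# Hypothetical reverse dependency: any package that selects runc.
config BR2_PACKAGE_EXAMPLE_CONSUMER
	bool "example-consumer"
	# 'select' forces BR2_PACKAGE_RUNC on without evaluating its
	# 'depends on' lines, so the constraint has to be repeated here.
	# Without it, a uClibc configuration could still enable runc
	# and fail at build time.
	depends on !BR2_TOOLCHAIN_USES_UCLIBC # runc
	select BR2_PACKAGE_RUNC # runtime dependency
	help
	  Placeholder package that needs runc at run time.

comment "example-consumer needs a glibc or musl toolchain"
	depends on BR2_TOOLCHAIN_USES_UCLIBC
```

The same repetition applies one level further up: a package that selects the consumer inherits the constraint in the same way.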
