From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] runc: bump to 6635b4f, fixes critical CVE-2019-5736
Date: Tue, 12 Feb 2019 10:20:55 +0100
Message-ID: <87d0nxwefc.fsf@dell.be.48ers.dk>
In-Reply-To: <20190212083818.20746-1-christian@paral.in> (Christian Stewart's message of "Tue, 12 Feb 2019 00:38:18 -0800")
>>>>> "Christian" == Christian Stewart <christian@paral.in> writes:
> Runc has a bug and related CVE which enables code running in a container to
> overwrite the runc binary, taking root control of the host system and escaping
> containment. This commit upgrades Runc to fix the vulnerability.
> Fixes: CVE-2019-5736
> Signed-off-by: Christian Stewart <christian@paral.in>
I am working on this as well. The fix (I would prefer to just add commit
0a8e4117e7f715d as a patch for easy backport) uses fexecve, which isn't
available on uClibc, so we need to propagate that dependency to the
reverse dependencies.
I also recently added a unit test for docker / compose. This test uses a
prebuilt uClibc based toolchain, so the test needs to be updated.
--
Bye, Peter Korsgaard