author | Sebastiaan van Stijn <github@gone.nl> | 2023-03-30 14:41:26 +0200 |
---|---|---|
committer | Sebastiaan van Stijn <github@gone.nl> | 2023-04-26 14:50:34 +0200 |
commit | 40ec0eb9fe21d5fe8a9e98c8aa26e49a442f6036 (patch) | |
tree | 301ce035a384fa622b46bb6e87050c5af8433d73 | |
parent | 6f83b8c3f4e6e79e9a0c416bf8ec1c2038195499 (diff) | |
download | docker-40ec0eb9fe21d5fe8a9e98c8aa26e49a442f6036.tar.gz |
vendor: github.com/opencontainers/runc v1.1.5

no changes in vendored code, just keeping scanners happy :)

release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.5
diff: https://github.com/opencontainers/runc/compare/v1.1.4...v1.1.5

This is the fifth patch release in the 1.1.z series of runc, which fixes
three CVEs found in runc.

* CVE-2023-25809 is a vulnerability involving rootless containers where
  (under specific configurations), the container would have write access
  to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other
  hierarchies on the host were affected. This vulnerability was
  discovered by Akihiro Suda.
  <https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc>
* CVE-2023-27561 was a regression which effectively re-introduced
  CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This
  regression was discovered by @Beuc.
  <https://github.com/advisories/GHSA-vpvm-3wq2-2wvm>
* CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the same
  patch. This variant of the above vulnerability was reported by Lei
  Wang.
  <https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c>

In addition, the following other fixes are included in this release:

* Fix the inability to use `/dev/null` when inside a container.
* Fix changing the ownership of host's `/dev/null` caused by fd redirection
  (a regression in 1.1.1).
* Fix rare runc exec/enter unshare error on older kernels, including
  CentOS < 7.7.
* nsexec: Check for errors in `write_log()`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a17029ba4911843c1a429660caab02c41e5d3c56)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

-rw-r--r-- | vendor.mod | 2 | ||||
-rw-r--r-- | vendor.sum | 4 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
3 files changed, 4 insertions, 4 deletions
diff --git a/vendor.mod b/vendor.mod index 2233bebf8d..6f25db5dc0 100644 --- a/vendor.mod +++ b/vendor.mod @@ -65,7 +65,7 @@ require ( github.com/morikuni/aec v1.0.0 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1 - github.com/opencontainers/runc v1.1.3 + github.com/opencontainers/runc v1.1.5 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/selinux v1.10.2 github.com/pelletier/go-toml v1.9.5 diff --git a/vendor.sum b/vendor.sum index 88c27b236a..27c8a94ce8 100644 --- a/vendor.sum +++ b/vendor.sum @@ -810,8 +810,8 @@ github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= -github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w= -github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= +github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs= +github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= diff --git a/vendor/modules.txt b/vendor/modules.txt index 8d9e3fdfd2..52995ad853 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -711,7 +711,7 @@ github.com/opencontainers/go-digest/digestset github.com/opencontainers/image-spec/identity github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 -# github.com/opencontainers/runc v1.1.3 +# github.com/opencontainers/runc v1.1.5 ## explicit; go 1.16 github.com/opencontainers/runc/libcontainer/cgroups github.com/opencontainers/runc/libcontainer/configs |
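
Review bot: The version range in the commit message does not match the vendor.mod hunk: the removed line is `github.com/opencontainers/runc v1.1.3`, so on this branch the bump is v1.1.3 to v1.1.5, while the message links only the v1.1.4...v1.1.5 compare and describes only the v1.1.5 release. Suggest adding the v1.1.3...v1.1.5 compare link (or a line covering v1.1.4) so the cherry-pick documents the full range it pulls in. The "no changes in vendored code" statement is consistent with the diffstat (only vendor.mod, vendor.sum and vendor/modules.txt are touched), but it should be stated against that wider range.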
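
Review bot: In the vendor.sum hunk the `/go.mod` checksum is the same string on the removed v1.1.3 line and the added v1.1.5 line (`h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=`), while only the module `h1:` hash changes. That is what an upstream go.mod left unchanged between the two tags produces, but an identical checksum across a version bump is easy to misread as a copy-paste slip, so a short remark in the commit message would help. For a security-motivated bump it is also worth confirming that both new lines were generated by the Go tooling and match the checksum database rather than being edited by hand.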