Updated opencontainers-runc packages fix security vulnerability
Publication date: 27 Aug 2021Type: security
Affected Mageia releases : 8
CVE: CVE-2021-30465
Description
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition (CVE-2021-30465).
References
- https://bugs.mageia.org/show_bug.cgi?id=28962
- https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30465
SRPMS
8/core
- opencontainers-runc-1.0.2-1.mga8