Advisories » MGASA-2020-0103

Updated opencontainers-runc packages fix security vulnerability

Publication date: 26 Feb 2020
Modification date: 26 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19921

Description

Updated opencontainers-runc package fixes security vulnerability:

An attacker who controls the container image for two containers that
share a volume can race volume mounts during container initialization,
by adding a symlink to the rootfs that points to a directory on the
volume (CVE-2019-19921).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26173
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2NWDTSREUDLT3UFYS5SBIVQBS4YRA35A/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921

SRPMS

7/core

• opencontainers-runc-1.0.0-0.rc10.3.1.mga7