Runc Package Security Update Advisory (CVE-2024-21626)

Feb 01 2024

Overview

An update has been made available to fix vulnerabilities in the Runc package. Users of affected versions are advised to update to the latest version.

Affected Products

All versions of Runc 1.1.11 and earlier

Resolved Vulnerabilities

Container escape vulnerability due to file descriptor leak in the runc package (CVE-2024-21626)

Vulnerability Patches

Vulnerability patches were made available in the February 1, 2024 update. Please follow the instructions on the reference site to update to the latest vulnerability patch version.

Runc 1.1.12 version

Referenced Sites

[1] CVE-2024-21626 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-21626
[2] runc 1.1.12 — “Now you’re thinking with Portals™!”
https://github.com/opencontainers/runc/releases/tag/v1.1.12
[3] RHSB-2024-001 Leaky Vessels – runc – (CVE-2024-21626)
https://access.redhat.com/security/vulnerability/RHSB-2024-001

Runc Package Security Update Advisory (CVE-2024-21626)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

FFmpeg Security Update Advisory (CVE-2024-22860, CVE-2024-22861, CVE-2024-22862)

BuildKit Security Update Advisory (CVE-2024-23652, CVE-2024-23653)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

FFmpeg Security Update Advisory (CVE-2024-22860, CVE-2024-22861, CVE-2024-22862)

BuildKit Security Update Advisory (CVE-2024-23652, CVE-2024-23653)