Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2024:0013
Issued: 2024-03-25
Updated: 2024-03-25
Summary
docker security update
Severity
Important
Description
Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:
CVE-2024-21626:
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
References
Updated Packages
- aarch64
- docker-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- docker-client-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- docker-common-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- docker-debuginfo-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- docker-logrotate-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- docker-lvm-plugin-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- docker-novolume-plugin-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- docker-rhel-push-plugin-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- docker-v1.10-migrator-1.13.1-210.git7d71120.1.al7.aarch64.rpm → (download)
- src
- docker-1.13.1-210.git7d71120.1.al7.src.rpm → (download)
- x86_64
- docker-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)
- docker-client-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)
- docker-common-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)
- docker-debuginfo-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)
- docker-logrotate-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)
- docker-lvm-plugin-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)
- docker-novolume-plugin-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)
- docker-rhel-push-plugin-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)
- docker-v1.10-migrator-1.13.1-210.git7d71120.1.al7.x86_64.rpm → (download)