USN-6088-1: runC vulnerabilities
18 May 2023
Several security issues were fixed in runC.
Releases
Packages
- runc - Open Container Project
Details
It was discovered that runC incorrectly made /sys/fs/cgroup
writable when in rootless mode. An attacker could possibly
use this issue to escalate privileges. (CVE-2023-25809)
It was discovered that runC incorrectly performed access control when
mounting /proc to non-directories. An attacker could possibly use
this issue to escalate privileges. (CVE-2023-27561)
It was discovered that runC incorrectly handled /proc and
/sys mounts inside a container. An attacker could possibly
use this issue to bypass AppArmor, and potentially SELinux.
(CVE-2023-28642)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 22.10
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
In general, a standard system update will make all the necessary changes.