NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/runc: security bump to version 1.0.0-rc95

Browse Source 
Fixes CVE-2021-30465: runc 1.0.0-rc94 and earlier are vulnerable to a symlink
exchange attack whereby an attacker can request a seemingly-innocuous container
configuration that actually results in the host filesystem being bind-mounted
into the container, allowing for a container escape.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 96c23d1d0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Christian Stewart 2021-05-21 13:15:17 -07:00 committed by Peter Korsgaard
parent 51e7ddcf3b
commit 10c2e6c588
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/runc/runc.hash
View File

@ -1,3 +1,3 @@
# Locally computed
sha256 28378df983a3c586ed3ec8c76a774a9b10f36a0c323590a284b801cce95cc61f runc-1.0.0-rc92.tar.gz
sha256 02dac7f1a0dcfe55dd9820df787adedf030060870354915e7bba86f8487ce93c runc-1.0.0-rc95.tar.gz
sha256 552a739c3b25792263f731542238b92f6f8d07e9a488eae27e6c4690038a8243 LICENSE

2
package/runc/runc.mk
View File

@ -5,7 +5,7 @@
################################################################################
RUNC_VERSION_MAJOR = 1.0.0
RUNC_VERSION_MINOR = rc92
RUNC_VERSION_MINOR = rc95
RUNC_VERSION = $(RUNC_VERSION_MAJOR)-$(RUNC_VERSION_MINOR)
RUNC_SITE = $(call github,opencontainers,runc,v$(RUNC_VERSION))
RUNC_LICENSE = Apache-2.0