package/runc: security bump to version 1.0.0-rc95 (96c23d1d) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 96c23d1d authored May 21, 2021 by Christian Stewart Committed by Yann E. MORIN May 21, 2021

package/runc: security bump to version 1.0.0-rc95

Fixes CVE-2021-30465: runc 1.0.0-rc94 and earlier are vulnerable to a symlink
exchange attack whereby an attacker can request a seemingly-innocuous container
configuration that actually results in the host filesystem being bind-mounted
into the container, allowing for a container escape.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent 48fd63e5

Hide whitespace changes

Inline Side-by-side

Please register or to comment