[Buildroot] [PATCH 1/1] package/runc: security bump to version 1.0.0-rc95
peter at korsgaard.com
Mon Jun 7 21:35:07 UTC 2021
>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
> Christian, All,
> On 2021-05-21 13:15 -0700, Christian Stewart spake thusly:
>> Fixes CVE-2021-30465: runc 1.0.0-rc94 and earlier are vulnerable to a symlink
>> exchange attack whereby an attacker can request a seemingly-innocuous container
>> configuration that actually results in the host filesystem being bind-mounted
>> into the container, allowing for a container escape.
>> Signed-off-by: Christian Stewart <christian at paral.in>
Committed to 2021.02.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot