[ALSA-2023:7763] Moderate: runc security update
Type:
security
Severity:
moderate
Release date:
2023-12-14
Description:
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321) * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 runc-1.1.9-2.el9_3.aarch64.rpm 1d149b8d0b0ba35129ee27e2ad9deb248bca0d7d1750aace17601044d98b361f
ppc64le runc-1.1.9-2.el9_3.ppc64le.rpm 125d30c382147e99f51967443cb1811f98996de7008fa8faf8f9a3f314627c2d
s390x runc-1.1.9-2.el9_3.s390x.rpm 940f6140a2213d5d8a89c85c2481b38190cd4f460eb795ffffc9ee3159a74251
x86_64 runc-1.1.9-2.el9_3.x86_64.rpm 074bdacce30b7266aec255a5c040e49b3a2b7d9de55eac6d8f0ef39ad3ad7612
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.