[ALSA-2024:2180] Moderate: runc security update
Type:
security
Severity:
moderate
Release date:
2024-05-07
Description:
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 runc-1.1.12-2.el9.aarch64.rpm de4bd0adeb9d875d4258bc76691a5990e882ba0096979bd4cf6a71fc289f41a5
ppc64le runc-1.1.12-2.el9.ppc64le.rpm 1ddf49df80ec9823234b0477ad4d3356123dd84252c5392d2b076a072afdf2ad
s390x runc-1.1.12-2.el9.s390x.rpm ca2ba567e1d1152d64c8cd51681edbb9f44020a82b4f1dc0decef053922c33d3
x86_64 runc-1.1.12-2.el9.x86_64.rpm 7b45d4a16c4e05398e374bb8a5a2386b909b836e75d9b8215180efaa627a6606
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.