ALSA-2025:20957

[ALSA-2025:20957] Important: runc security update

Type:

security

Severity:

important

Release date:

2025-11-19

Description:

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.  

Security Fix(es):  

  * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)
  * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565)
  * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	runc-1.3.0-4.el9_7.aarch64.rpm	9f2cdba440472f03448b3b12307d7dd68da81ae70516b5c61b8939006113802c
ppc64le	runc-1.3.0-4.el9_7.ppc64le.rpm	5a343a16cdbfc0e33836199d89c7239a2e09519a96b4502717338bb1a4c96b25
s390x	runc-1.3.0-4.el9_7.s390x.rpm	0904a896fa1c91bc77fefe70ddc7f615af685cc1a0bd0b5dc0f79a97fd2d2a8f
x86_64	runc-1.3.0-4.el9_7.x86_64.rpm	6e792660c50b31c696de697f8bb02c8a2e0b765d020e5728b1f6c33bacf7ac27

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.