author Christian Stewart <christian@paral.in> 2019-12-02 20:50:00 -0800
committer Peter Korsgaard <peter@korsgaard.com> 2020-01-10 19:40:25 +0100
commit 96386b2113a8ee165967111764f8f9c12cd82f84
tree 050b5d1d5e70c0a118d434b64da3a0903d38877b
parent d4f5e1f197c5ba99adeb88e497a25c04b07abe54
package/runc: security bump to 1.0.0-rc9
Fixes the following security vulnerability:

- CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dbbf08849b70d68c8afd2b6648e7be6d5575d6cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r-- package/runc/runc.hash 2
-rw-r--r-- package/runc/runc.mk 2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/runc/runc.hash b/package/runc/runc.hash
index 4f663affc4..3e8eff3cca 100644
--- a/package/runc/runc.hash
+++ b/package/runc/runc.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 efe4ff9bbe49b19074346d65c914d809c0a3e90d062ea9619fe240f931f0b700 runc-1.0.0-rc8.tar.gz
+sha256 2ec69c25df9f02c6fd38eb287145f8afba6772f809abe01df4534b5bfd68e8d4 runc-1.0.0-rc9.tar.gz
sha256 552a739c3b25792263f731542238b92f6f8d07e9a488eae27e6c4690038a8243 LICENSE
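Review bot: the new sha256 for runc-1.0.0-rc9.tar.gz sits under the unchanged "# Locally computed" header, so nothing in this hunk or in the commit message ties the value to anything other than the submitter's own download. For a security bump it would help to state in the commit message how the tarball was checked, so that a reviewer re-computing the hash knows what to compare it with. The LICENSE hash is unchanged, which is consistent with RUNC_LICENSE_FILES staying as it is.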
diff --git a/package/runc/runc.mk b/package/runc/runc.mk
index b858742905..acf61ab160 100644
--- a/package/runc/runc.mk
+++ b/package/runc/runc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-RUNC_VERSION = 1.0.0-rc8
+RUNC_VERSION = 1.0.0-rc9
RUNC_SITE = $(call github,opencontainers,runc,v$(RUNC_VERSION))
RUNC_LICENSE = Apache-2.0
RUNC_LICENSE_FILES = LICENSE
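Review bot: on the RUNC_VERSION line, the move from 1.0.0-rc8 to 1.0.0-rc9 is a whole release-candidate bump being cherry-picked, while the commit message accounts only for CVE-2019-16884. Suggest adding a sentence on whether rc9 carries other changes that matter for this branch, or stating that the release was reviewed and none do. Because RUNC_SITE fetches the v$(RUNC_VERSION) tag from GitHub, the runc.hash entry is the only integrity check visible here on what gets built, so the two files have to change together, as they do in this commit.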