Arch Linux alert ASA-202105-17 (runc)
| From: | Jonas Witschel via arch-security <arch-security@lists.archlinux.org> | |
| To: | arch-security@lists.archlinux.org | |
| Subject: | [ASA-202105-17] runc: sandbox escape | |
| Date: | Wed, 26 May 2021 12:32:22 +0200 | |
| Message-ID: | <20210526103222.526xzoomy747k7cy@archlinux.org> | |
| Cc: | Jonas Witschel <diabonas@archlinux.org> |
Arch Linux Security Advisory ASA-202105-17 ========================================== Severity: High Date : 2021-05-25 CVE-ID : CVE-2021-30465 Package : runc Type : sandbox escape Remote : No Link : https://security.archlinux.org/AVG-1972 Summary ======= The package runc before version 1.0.0rc95-1 is vulnerable to sandbox escape. Resolution ========== Upgrade to 1.0.0rc95-1. # pacman -Syu "runc>=1.0.0rc95-1" The problem has been fixed upstream in version 1.0.0rc95. Workaround ========== Container hardening mechanisms such as LSMs (AppArmor/SELinux) and user namespaces can restrict the amount of damage an attacker could do but they do not block this attack outright. Description =========== runc 1.0.0-rc94 and earlier are vulnerable to a symlink exchange attack where an attacker with the ability to start containers using a custom volume configuration can request a seemingly-innocuous container configuration that results in the host filesystem being bind-mounted into the container (allowing for a container escape). Impact ====== An attacker can escape from a container and access arbitrary files on the host system using a crafted container configuration. References ========== https://github.com/opencontainers/runc/security/advisorie... https://github.com/opencontainers/runc/commit/0ca91f44f16... https://security.archlinux.org/CVE-2021-30465