发布于3月6日3月6日 Members CentOS Linux: CVE-2023-28642: Moderate: runc security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) centos-upgrade-aardvark-dns centos-upgrade-buildah centos-upgrade-buildah-debuginfo centos-upgrade-buildah-debugsource centos-upgrade-buildah-tests centos-upgrade-buildah-tests-debuginfo centos-upgrade-cockpit-podman centos-upgrade-conmon centos-upgrade-conmon-debuginfo centos-upgrade-conmon-debugsource centos-upgrade-container-selinux centos-upgrade-containernetworking-plugins centos-upgrade-containernetworking-plugins-debuginfo centos-upgrade-containernetworking-plugins-debugsource centos-upgrade-containers-common centos-upgrade-crit centos-upgrade-criu centos-upgrade-criu-debuginfo centos-upgrade-criu-debugsource centos-upgrade-criu-devel centos-upgrade-criu-libs centos-upgrade-criu-libs-debuginfo centos-upgrade-crun centos-upgrade-crun-debuginfo centos-upgrade-crun-debugsource centos-upgrade-fuse-overlayfs centos-upgrade-fuse-overlayfs-debuginfo centos-upgrade-fuse-overlayfs-debugsource centos-upgrade-libslirp centos-upgrade-libslirp-debuginfo centos-upgrade-libslirp-debugsource centos-upgrade-libslirp-devel centos-upgrade-netavark centos-upgrade-oci-seccomp-bpf-hook centos-upgrade-oci-seccomp-bpf-hook-debuginfo centos-upgrade-oci-seccomp-bpf-hook-debugsource centos-upgrade-podman centos-upgrade-podman-catatonit centos-upgrade-podman-catatonit-debuginfo centos-upgrade-podman-debuginfo centos-upgrade-podman-debugsource centos-upgrade-podman-docker centos-upgrade-podman-gvproxy centos-upgrade-podman-gvproxy-debuginfo centos-upgrade-podman-plugins centos-upgrade-podman-plugins-debuginfo centos-upgrade-podman-remote centos-upgrade-podman-remote-debuginfo centos-upgrade-podman-tests centos-upgrade-python3-criu centos-upgrade-python3-podman centos-upgrade-runc centos-upgrade-runc-debuginfo centos-upgrade-runc-debugsource centos-upgrade-skopeo centos-upgrade-skopeo-debuginfo centos-upgrade-skopeo-debugsource centos-upgrade-skopeo-tests centos-upgrade-slirp4netns centos-upgrade-slirp4netns-debuginfo centos-upgrade-slirp4netns-debugsource centos-upgrade-toolbox centos-upgrade-toolbox-debuginfo centos-upgrade-toolbox-debugsource centos-upgrade-toolbox-tests centos-upgrade-udica References CVE-2023-28642
