Bug 31729

Summary: opencontainers-runc new security issues CVE-2023-25809, CVE-2023-27561, and CVE-2023-28642
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: andrewsfarm, bruno, davidwhodgins, sysadmin-bugs, tarazed25
Version: 8
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA8-64-OK
Source RPM: opencontainers-runc-1.1.4-2.mga9.src.rpm
CVE:
Status comment:

Description David Walser 2023-03-28 16:16:57 CEST
Debian-LTS has issued an advisory on March 27:
https://www.debian.org/lts/security/2023/dla-3369

Mageia 8 is also affected.
David Walser 2023-03-28 16:17:06 CEST

Status comment: (none) => Patches available from upstream and Debian
Whiteboard: (none) => MGA8TOO

Comment 1 Bruno Cornec 2023-03-29 00:18:27 CEST
I suggest that we wait for official 1.1.5 due to other CVEs to be fixed with it: https://github.com/opencontainers/runc/issues/3789

Status: NEW => ASSIGNED

Comment 2 Bruno Cornec 2023-03-29 10:32:39 CEST
1.1.5 submitted for cauldron and mga8 updates_testing.

Version: Cauldron => 8
CC: (none) => bruno
Whiteboard: MGA8TOO => (none)
Assignee: bruno => qa-bugs
Status comment: Patches available from upstream and Debian => (none)

Comment 3 David Walser 2023-03-29 14:49:37 CEST
opencontainers-runc-1.1.5-1.mga8

from opencontainers-runc-1.1.5-1.mga8.src.rpm


Note that this is still awaiting a freeze move for Cauldron.  In fact, I don't see a request submitted to the dev ml.  Bruno?
Comment 4 Bruno Cornec 2023-03-29 19:38:36 CEST
I made the request to the sysadmin ml.
Comment 5 Len Lawrence 2023-04-01 17:32:13 CEST
Mageia8, x86_64

CLI tool for open containers.

Clean update from the previously tested version.
Referencing bug 30421.
Restarted docker and ran hello-world to check installation.
$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
$ docker ps -a
CONTAINER ID   IMAGE         COMMAND    CREATED          STATUS                      PORTS     NAMES
737663dbf81f   hello-world   "/hello"   24 seconds ago   Exited (0) 23 seconds ago             zealous_ride

$ docker run -it ubuntu bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
2ab09b027e7f: Pull complete 
Digest: sha256:67211c14fa74f070d27cc59d69a7fa9aeff8e28ea118ef3babc295a0428a6d21
Status: Downloaded newer image for ubuntu:latest
root@c65071eda6c0:/# exit
exit
$ docker run -it -h cowsay debian bash
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
3e440a704568: Pull complete 
Digest: sha256:7b991788987ad860810df60927e1adbaf8e156520177bd4db82409f81dd3b721
Status: Downloaded newer image for debian:latest
root@cowsay:/# apt-get update
[...]
Fetched 8642 kB in 2s (4631 kB/s)                           
Reading package lists... Done
root@cowsay:/# /usr/games/fortune | /usr/games/cowsay
bash: /usr/games/cowsay: No such file or directory
bash: /usr/games/fortune: No such file or directory
root@cowsay:/# apt-get install ruby
<installed ruby 2.7>
Running hooks in /etc/ca-certificates/update.d...
done.
root@cowsay:/# 
irb
irb(main):001:0> a = (1..21).to_a
=> [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21]
irb(main):002:0> sum = a.inject(&:+)
=> 231
irb(main):003:0> exit
root@cowsay:/# exit
exit

Shame about cowsay.  Must have found greener grass over the hill.
Anyway, the container is functioning with docker.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25

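The QA comment above validates the package by running containers; a complementary check an administrator can script is to confirm that the installed runc is at or above 1.1.5, the release this bug identifies as carrying the fixes for CVE-2023-25809, CVE-2023-27561 and CVE-2023-28642. The following POSIX shell script is an added example, not code from the bug report, from Mageia or from the runc project. The function names, the FIXED_RUNC_VERSION constant and the two sample `runc --version` outputs are mine; the sample outputs are constructed in the layout runc prints (the commit fields are placeholders), and the package name string is the one quoted in comment 3.

```shell
#!/bin/sh
# Added example (not from the bug report or the runc project): decide whether a
# runc version is at or above the release that, per this bug, fixed
# CVE-2023-25809, CVE-2023-27561 and CVE-2023-28642.
FIXED_RUNC_VERSION="1.1.5"   # from the bug report: opencontainers-runc-1.1.5-1.mga8

# vercmp A B: prints "lt", "eq" or "gt", comparing dotted numeric versions
# component by component; a missing trailing component counts as 0.
vercmp() {
    va="$1"; vb="$2"
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca="${va%%.*}"; cb="${vb%%.*}"
        if [ "$va" = "$ca" ]; then va=""; else va="${va#*.}"; fi
        if [ "$vb" = "$cb" ]; then vb=""; else vb="${vb#*.}"; fi
        ca="${ca:-0}"; cb="${cb:-0}"
        if [ "$ca" -gt "$cb" ]; then echo gt; return 0; fi
        if [ "$ca" -lt "$cb" ]; then echo lt; return 0; fi
    done
    echo eq
}

# version_from_runc_output: pull "X.Y.Z" out of `runc --version` text, dropping
# any "-rc"/"+dev" suffix. Prints nothing if no "runc version" line is present.
version_from_runc_output() {
    printf '%s\n' "$1" | sed -n 's/^runc version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_from_nvr: version field of an RPM name-version-release string such as
# "opencontainers-runc-1.1.5-1.mga8" (the form quoted in the bug report).
version_from_nvr() {
    nvr="${1#opencontainers-runc-}"
    printf '%s\n' "${nvr%%-*}"
}

# runc_fix_status VERSION: prints "fixed", "vulnerable" or "unknown".
runc_fix_status() {
    v="$1"
    [ -n "$v" ] || { echo unknown; return 0; }
    case "$(vercmp "$v" "$FIXED_RUNC_VERSION")" in
        gt|eq) echo fixed ;;
        lt)    echo vulnerable ;;
    esac
}

# Constructed sample outputs in the layout `runc --version` prints; the commit
# fields are placeholders, not real hashes.
SAMPLE_OLD="runc version 1.1.4
commit: v1.1.4-0-gPLACEHOLDER
spec: 1.0.2-dev"
SAMPLE_FIXED="runc version 1.1.5
commit: v1.1.5-0-gPLACEHOLDER
spec: 1.0.2-dev"

for s in "$SAMPLE_OLD" "$SAMPLE_FIXED"; do
    v="$(version_from_runc_output "$s")"
    echo "runc $v: $(runc_fix_status "$v")"
done
nvr_v="$(version_from_nvr opencontainers-runc-1.1.5-1.mga8)"
echo "rpm version $nvr_v: $(runc_fix_status "$nvr_v")"

# Live check, only when runc is actually installed on this host.
if command -v runc >/dev/null 2>&1; then
    live="$(version_from_runc_output "$(runc --version 2>/dev/null)")"
    echo "installed runc ${live:-?}: $(runc_fix_status "$live")"
fi
```

On a Mageia host the same version string can be obtained with `rpm -q opencontainers-runc` and fed through version_from_nvr; the numeric comparison is deliberately written without `sort -V` so it also works on minimal container images that lack GNU coreutils.
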
Comment 6 Len Lawrence 2023-04-01 17:59:07 CEST
Absolutely OT.
Fortunately we have it.
$ fortune | cowsay -t
 _______________________________________ 
/ The average individual's position in  \
| any hierarchy is a lot like pulling a |
| dogsled -- there's no real change of  |
\ scenery except for the lead dog.      /
 --------------------------------------- 
        \   ^__^
         \  (--)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
Comment 7 Thomas Andrews 2023-04-02 22:06:14 CEST
(OT) According to https://markets.businessinsider.com/commodities/live-cattle-price?op=1 live cattle prices to the farmer are up 80% over the last three years. If you couple that with the rising costs of feeding them it's not surprising that some cattle, even talking ones, might not be as easy to find as they once were.

But I digress from the business at hand. Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 8 Len Lawrence 2023-04-03 01:19:11 CEST
Nice one TJ!
Comment 9 David Walser 2023-04-05 02:37:08 CEST
SUSE has issued an advisory for this on April 3:
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014342.html

The update to 1.1.5 also fixed two other CVEs.  Good moove Bruno!  :D

Summary: opencontainers-runc new security issue CVE-2023-27561 => opencontainers-runc new security issues CVE-2023-25809, CVE-2023-27561, and CVE-2023-28642

Dave Hodgins 2023-04-06 20:46:57 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 10 Mageia Robot 2023-04-06 23:21:38 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0125.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED