Upstream has issued an advisory on May 11: https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 It was announced on May 12: https://www.openwall.com/lists/oss-security/2022/05/12/1 The issue is fixed upstream in 1.1.2: https://github.com/opencontainers/runc/releases/tag/v1.1.2 Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 1.1.2Whiteboard: (none) => MGA8TOO
Updated packages uploaded for Mageia 8 and Cauldron by Bruno. opencontainers-runc-1.1.2-2.mga8 from opencontainers-runc-1.1.2-2.mga8.src.rpm
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)CC: (none) => brunoAssignee: bruno => qa-bugsStatus comment: Fixed upstream in 1.1.2 => (none)
Mageia8, x86_64 $ rpm -q opencontainers-runc opencontainers-runc-1.0.3-1.mga8 Clean update: $ rpm -q opencontainers-runc opencontainers-runc-1.1.2-2.mga8 Running a docker session to test, as done previously (e.g. bug 30279). Restarted docker and checked status. OK $ docker run hello-world Reported working docker installation. $ docker ps -a Reported previous sessions. $ docker run -it ubuntu bash root@1114b59493cf:/# exit <That loaded immediately so must have been opening an existing container?> $ docker run -it -h cowsay debian bash Unable to find image 'debian:latest' locally latest: Pulling from library/debian 67e8aa6c8bbc: Pull complete Digest: sha256:6137c67e2009e881526386c42ba99b3657e4f92f546814a33d35b14e60579777 Status: Downloaded newer image for debian:latest root@cowsay:/# apt-get update Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB] Get:2 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB] Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB] Get:4 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [146 kB] Get:5 http://deb.debian.org/debian bullseye/main amd64 Packages [8182 kB] Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages [2596 B] Fetched 8530 kB in 3s (3086 kB/s) Reading package lists... Done root@cowsay:/# apt-get install -y cowsay fortune ...... root@cowsay:/# /usr/games/fortune | /usr/games/cowsay ____________________________ < Save energy: be apathetic. > ---------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || root@cowsay:/# exit No regressions so far. Should be OK.
CC: (none) => tarazed25Whiteboard: (none) => MGA8-64-OK
Note added to comment 2: Rerunning the previous command loaded the container immediately $ docker run -it -h cowsay debian bash root@cowsay:/# but the previously installed packages did not come with it so I guess the running container needs to be saved as a new image or something like that to retain new content.
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0192.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED