Bug 33519 - opencontainers-runc new security issue CVE-2024-45310
Summary: opencontainers-runc new security issue CVE-2024-45310
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-09-05 15:57 CEST by Nicolas Salguero
Modified: 2025-01-10 20:55 CET (History)
3 users (show)

See Also:
Source RPM: opencontainers-runc
CVE: CVE-2024-45310
Status comment: Fixed upstream in 1.1.14 and patch available from upstream

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-09-05 15:57:06 CEST 
That CVE was announced here:
https://www.openwall.com/lists/oss-security/2024/09/03/1
Nicolas Salguero 2024-09-05 15:57:46 CEST

Source RPM: (none) => opencontainers-runc-1.1.12-1.mga10.src.rpm
Status comment: (none) => Fixed upstream in 1.1.14 and patch available from upstream
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-45310

Comment 1 Marja Van Waes 2024-09-06 21:03:33 CEST 
Assigning to our registered opencontainers-runc maintainer.

Assignee: bugsquad => bruno
CC: (none) => marja11

Frank Wilson 2025-01-08 08:19:01 CET

CC: (none) => marierhodes024

David Walser 2025-01-08 12:55:50 CET

CC: marierhodes024 => (none)

Comment 3 Bruno Cornec 2025-01-09 01:51:49 CET 
Sorry, I missed that BR :-( Working on it

Status: NEW => ASSIGNED

Comment 4 Bruno Cornec 2025-01-09 01:55:29 CET 
Cauldron updated to latest 1.2.4.

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

Comment 5 Bruno Cornec 2025-01-09 02:00:08 CET 
1.1.14 pushed to updates_testing for mga9

Local test with docker doesn't show regression on my side.

SRPMS/opencontainers-runc-1.1.14-1.mga9.src.rpm
RPMS/x86_64/opencontainers-runc-devel-1.1.14-1.mga9.x86_64.rpm
RPMS/x86_64/opencontainers-runc-1.1.14-1.mga9.x86_64.rpm

Assignee: bruno => qa-bugs

katnatek 2025-01-09 17:00:27 CET

Keywords: (none) => advisory

katnatek 2025-01-09 18:22:46 CET

Source RPM: opencontainers-runc-1.1.12-1.mga10.src.rpm => opencontainers-runc

Comment 6 katnatek 2025-01-09 18:32:00 CET 
RH x86_64

Install current version and  update

installing opencontainers-runc-devel-1.1.14-1.mga9.x86_64.rpm opencontainers-runc-1.1.14-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/2: opencontainers-runc   ##################################################################################################
      2/2: opencontainers-runc-devel
                                 ##################################################################################################
      1/2: removing opencontainers-runc-devel-1:1.1.9-1.mga9.x86_64
                                 ##################################################################################################
      2/2: removing opencontainers-runc-1:1.1.9-1.mga9.x86_64
                                 ##################################################################################################

As the packager do also a test I give OK

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK

Comment 7 Thomas Andrews 2025-01-09 22:11:37 CET 
Validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 8 Mageia Robot 2025-01-10 20:55:17 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0004.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.