mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
bc0fd3f617
This is the second patch release of the runc 1.1 release branch. It fixes CVE-2022-29162, a minor security issue (which appears to not be exploitable) related to process capabilities. This is a similar bug to the ones found and fixed in Docker and containerd recently (CVE-2022-24769). - A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162. - runc spec no longer sets any inheritable capabilities in the created example OCI spec (config.json) file. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
|---|---|---|
| .. | ||
| containerd.installer | ||
| dockercli.installer | ||
| install.sh | ||
| rootlesskit.installer | ||
| runc.installer | ||
| tini.installer | ||