Ubuntu CVE-2024-21626 runc vulnerability
Bug #2051918 reported by Piotr Zalewski
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cloud-images | In Progress | Critical | Unassigned |
runc (Ubuntu) | Fix Released | Undecided | Unassigned |
runc-app (Ubuntu) | Fix Released | Undecided | Lucas Kanashiro |
Bug Description
In all runc versions < 1.11.12 there is a security problem, CVE-2024-21626.
This could allow an attacker to get out of the container with root privileges.
A new version of runc was released (1.11.12) to fix it.
When will a new version of the AMI images used for AWS EKS be released?
Thanks
Piotr
CVE References
information type: Private Security → Public Security
Hi Piotr,
The CVE page [1] indicates that this was already serviced to all active Ubuntu releases and, via Pro, even to Bionic; Xenial is still being triaged AFAICS.
I'm sure Noble will be updated as well before it is released in a few months.
The publishing time for all of them [2] looks like 02:14 CET last night.
Thereby any new daily image build later than that should include these fixed versions.
You can compare what you get with the versions as listed in [1] to check if you already got a new one.
[1]: https://ubuntu.com/security/CVE-2024-21626
[2]: https://launchpad.net/ubuntu/+source/runc/+publishinghistory
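The version comparison suggested in the reply above can be scripted; this is an added example, not part of the original bug thread. It implements Debian package version ordering (epoch, upstream, revision, with `~` sorting first) and applies it to package listings. The version strings and the `package_status` helper are constructed for illustration; take the real fixed version for your release from the CVE page.

```python
import re
from itertools import zip_longest

def _order(c):
    # dpkg character order: '~' sorts before everything (even end of string),
    # and letters sort before all other punctuation.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Alternating (non-digit run, digit run) pairs; the trailing 0 marks end of run.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", part)]

def _cmp_part(a, b):
    for x, y in zip_longest(_key(a), _key(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def deb_compare(a, b):
    """Return -1, 0 or 1 for Debian versions of the form [epoch:]upstream[-revision]."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, ""
        return int(epoch), upstream, revision
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Input format: one "<package> <version>" pair per line, as printed by
#   dpkg-query -W -f='${Package} ${Version}\n'
def package_status(dpkg_output, fixed_version, package="runc"):
    for line in dpkg_output.splitlines():
        name, _, version = line.partition(" ")
        if name == package:
            ok = deb_compare(version.strip(), fixed_version) >= 0
            return "fixed" if ok else "needs update"
    return "not installed"

# Constructed values, not real fixed versions: copy those from the CVE page.
FIXED = "1.2.3-0ubuntu1~22.04.2"
OLD_IMAGE = "containerd 1.0.0-0ubuntu1\nrunc 1.2.3-0ubuntu1~22.04.1\n"
NEW_IMAGE = "containerd 1.0.0-0ubuntu1\nrunc 1.2.3-0ubuntu1~22.04.2\n"

if __name__ == "__main__":
    print(package_status(OLD_IMAGE, FIXED), package_status(NEW_IMAGE, FIXED))
```
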