USN-6619-1

Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions.

References

Affected packages

Ubuntu:Pro:18.04:LTS / runc

Package

Name: runc
Purl: pkg:deb/ubuntu/runc@1.1.4-0ubuntu1~18.04.2+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.4-0ubuntu1~18.04.2+esm1

Affected versions

1.*

1.0.0~rc2+docker1.13.1-0ubuntu1

1.0.0~rc4+dfsg1-2

1.0.0~rc4+dfsg1-6

1.0.0~rc4+dfsg1-6ubuntu0.18.04.1

1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.1

1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.2

1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.2+esm1

1.0.0~rc10-0ubuntu1~18.04.1

1.0.0~rc10-0ubuntu1~18.04.2

1.0.0~rc93-0ubuntu1~18.04.1

1.0.0~rc93-0ubuntu1~18.04.2

1.0.0~rc95-0ubuntu1~18.04.1

1.0.0~rc95-0ubuntu1~18.04.2

1.0.1-0ubuntu2~18.04.1

1.1.0-0ubuntu1~18.04.1

1.1.4-0ubuntu1~18.04.1

1.1.4-0ubuntu1~18.04.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "golang-github-opencontainers-runc-dev",
            "binary_version": "1.1.4-0ubuntu1~18.04.2+esm1"
        },
        {
            "binary_name": "runc",
            "binary_version": "1.1.4-0ubuntu1~18.04.2+esm1"
        },
        {
            "binary_name": "runc-dbgsym",
            "binary_version": "1.1.4-0ubuntu1~18.04.2+esm1"
        }
    ]
}

Ubuntu:20.04:LTS / runc

Package

Name: runc
Purl: pkg:deb/ubuntu/runc@1.1.7-0ubuntu1~20.04.2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.7-0ubuntu1~20.04.2

Affected versions

1.*

1.0.0~rc8+git20190923.3e425f80-0ubuntu1

1.0.0~rc10-0ubuntu1

1.0.0~rc93-0ubuntu1~20.04.1

1.0.0~rc93-0ubuntu1~20.04.2

1.0.0~rc95-0ubuntu1~20.04.1

1.0.0~rc95-0ubuntu1~20.04.2

1.0.1-0ubuntu2~20.04.1

1.1.0-0ubuntu1~20.04.1

1.1.0-0ubuntu1~20.04.2

1.1.4-0ubuntu1~20.04.1

1.1.4-0ubuntu1~20.04.2

1.1.4-0ubuntu1~20.04.3

1.1.7-0ubuntu1~20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "golang-github-opencontainers-runc-dev",
            "binary_version": "1.1.7-0ubuntu1~20.04.2"
        },
        {
            "binary_name": "runc",
            "binary_version": "1.1.7-0ubuntu1~20.04.2"
        },
        {
            "binary_name": "runc-dbgsym",
            "binary_version": "1.1.7-0ubuntu1~20.04.2"
        }
    ]
}

Ubuntu:22.04:LTS / runc

Package

Name: runc
Purl: pkg:deb/ubuntu/runc@1.1.7-0ubuntu1~22.04.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.7-0ubuntu1~22.04.2

Affected versions

1.*

1.0.1-0ubuntu2

1.0.1-0ubuntu3

1.0.3-0ubuntu1

1.1.0-0ubuntu1

1.1.0-0ubuntu1.1

1.1.4-0ubuntu1~22.04.1

1.1.4-0ubuntu1~22.04.2

1.1.4-0ubuntu1~22.04.3

1.1.7-0ubuntu1~22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "golang-github-opencontainers-runc-dev",
            "binary_version": "1.1.7-0ubuntu1~22.04.2"
        },
        {
            "binary_name": "runc",
            "binary_version": "1.1.7-0ubuntu1~22.04.2"
        },
        {
            "binary_name": "runc-dbgsym",
            "binary_version": "1.1.7-0ubuntu1~22.04.2"
        }
    ]
}