Sourced from github.com/opencontainers/runc's releases.
runc v1.1.14 -- "年を取っていいことは、驚かなくなることね。"
This is the fourteenth patch release in the 1.1.z release branch of runc. It includes a fix for a low severity security issue (CVE-2024-45310) as well as some minor build-related fixes (including Go 1.23 support).
- Fix CVE-2024-45310, a low-severity attack that allowed maliciously configured containers to create empty files and directories on the host.
- Add support for Go 1.23. (#4360, #4372)
- Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION. (#4370, #4382)
- rootfs: consolidate mountpoint creation logic. (#4359)
Static Linking Notices
The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.
Thanks to all of the contributors who made this release possible:
- Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- Aleksa Sarai <cyphar@cyphar.com>
- Kir Kolyshkin <kolyshkin@gmail.com>
- Rodrigo Campos <rodrigoca@microsoft.com>
- Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
- lifubang <lifubang@acmcoder.com>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Sourced from github.com/opencontainers/runc's changelog.
[1.1.14] - 2024-09-03
年を取っていいことは、驚かなくなることね。
Security
- Fix CVE-2024-45310, a low-severity attack that allowed maliciously configured containers to create empty files and directories on the host.
Added
Fixed
- 2c9f560 VERSION: release 1.1.14
- a86c3d8 Merge commit from fork
- f0b652e [1.1] rootfs: try to scope MkdirAll to stay inside the rootfs
- 8781993 [1.1] rootfs: consolidate mountpoint creation logic
- 6419fba Merge pull request #4382 from rata/Makefile-override-fixes
- 0514204 Makefile: Add EXTRA_VERSION
- 18cdc34 Revert "allow overriding VERSION value in Makefile"
- f3f71a9 Merge pull request #4372 from kolyshkin/1.1-go123
- 7f75aec [1.1] Add Go 1.23, drop 1.21
- 931f463 Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1