-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: runc security update Advisory ID: RHSA-2022:8090-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8090 Issue date: 2022-11-15 CVE Names: CVE-2022-29162 ==================================================================== 1. Summary: An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * runc: incorrect handling of inheritable capabilities (CVE-2022-29162) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2086398 - CVE-2022-29162 runc: incorrect handling of inheritable capabilities 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: runc-1.1.4-1.el9.src.rpm aarch64: runc-1.1.4-1.el9.aarch64.rpm runc-debuginfo-1.1.4-1.el9.aarch64.rpm runc-debugsource-1.1.4-1.el9.aarch64.rpm ppc64le: runc-1.1.4-1.el9.ppc64le.rpm runc-debuginfo-1.1.4-1.el9.ppc64le.rpm runc-debugsource-1.1.4-1.el9.ppc64le.rpm s390x: runc-1.1.4-1.el9.s390x.rpm runc-debuginfo-1.1.4-1.el9.s390x.rpm runc-debugsource-1.1.4-1.el9.s390x.rpm x86_64: runc-1.1.4-1.el9.x86_64.rpm runc-debuginfo-1.1.4-1.el9.x86_64.rpm runc-debugsource-1.1.4-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY3PhJ9zjgjWX9erEAQglkQ/+NMfaKI3svFA8CoZJjJxelGD7l5Q1fw+r 5rNT54DLvkHMqsx63bIs07+jMXmbzUQgCBUub8yWI7pkTdGnq9KsRvsElLwnOWAN elSl2ReDtUmynMubZrlWYZ93RdkOXAfWlzV4MYW7GnCu6TGokkdC/a0VBEOh/h4C RtIiXsvDI5frm9XYIPAMicI8FUR56ONR1Cob3Z2Pe9i63dAs4WXxVm/Cv11WyzQf +sqWACstPa87iY6NAak+8Kbw4nCEmGxRQR9z9vfQEUxG0y9DxExMkusKTm1Gx2SS lQ4YLcpkDtIpcoebcNMgR2G79+JEgezIF2rFV7euqX2hYPnhlHJTN5R9vnNIwLwL KyuLiRrRn9dIpXnUIhDqknOZmu8GnUIBmEYf5ibU2IdLCI5cC5U93QIN8NnW/0Jf SGlrtnc+pgT4/Pnrrh40odxerL8GwxFX0qPg0Jqta5wp3JuO3E7pXWZMNUBd5Npu mYmX3Vncsz34mNi83fDtFzgwh24BB9NuOk5X2M392Yrn6I0yAO+nxGouakeSFNdm TC072mzT/7Di1Q/Tkz7/oh3C1Xj1ub/YIJDBYcVyHQ3HNcR2nHJC2OhQMOqgLFEc Ie0qLhk33CcbWh5JcNi8+zAQBLKT5E/Ii0o0Wp9KvfWkkW+HEoAFHqsjhl/lql6s V8IOomEs/qU=KNI1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce