- Fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d,
- Includes security fix for `runc run --no-pivot` (`DOCKER_RAMDISK=1`):
https://github.com/opencontainers/runc/commit/28a697cce3e4f905dca700eda81d681a30eef9cd
(NOTE: the vuln is attackable only when `DOCKER_RAMDISK=1` is set && seccomp is disabled)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@@ -4,7 +4,7 @@ |
| 4 | 4 |
# The version of runc should match the version that is used by the containerd |
| 5 | 5 |
# version that is used. If you need to update runc, open a pull request in |
| 6 | 6 |
# the containerd project first, and update both after that is merged. |
| 7 |
-RUNC_COMMIT=96ec2177ae841256168fcf76954f7177af9446eb |
|
| 7 |
+RUNC_COMMIT=6635b4f0c6af3810594d2770f662f34ddc15b40d |
|
| 8 | 8 |
|
| 9 | 9 |
install_runc() {
|
| 10 | 10 |
# If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting |
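Review bot: the RUNC_COMMIT bump to 6635b4f0c6af3810594d2770f662f34ddc15b40d does not follow the rule stated in the comment directly above it ("open a pull request in the containerd project first, and update both after that is merged"); the commit message should link the containerd pull request that pins the same runc commit, or state why this bump is taken ahead of containerd. Also, the message says the bump includes the `--no-pivot` fix 28a697cce3e4f905dca700eda81d681a30eef9cd, but only 6635b4f0c6af3810594d2770f662f34ddc15b40d appears in the hunk; please confirm that 28a697cce is an ancestor of the pinned commit (for example with `git merge-base --is-ancestor 28a697cce 6635b4f0c` in the runc checkout) so reviewers can verify both fixes land with this one-line change.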