RHEL-132817

Bump to runc v1.2.9 or v1.3.4 to get CVE and regression fixes.


    • Bug
    • Resolution: Duplicate
    • Major
    • rhel-8.10.z
    • runc
    • Moderate
    • rhel-container-tools

      With the fixes for CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, a few regressions were created in runc.

      https://github.com/opencontainers/runc/releases/tag/v1.3.4

      • libct: fix mips compilation. (#4962, #4966)
      • When configuring a tmpfs mount, only set the mode= argument if the
        target path already existed. This fixes a regression introduced in our
        CVE-2025-52881 mitigation patches. (#4971, #4976)
      • Fix various file descriptor leaks and add additional tests to detect them as
        comprehensively as possible. (#5007, #5021, #5034)

      The fixes for the CVE and the regressions are contained in runc v1.2.9, v1.3.4, and v1.4.0. The runc in RHEL should be bumped to the appropriate version.

      Customers have already begun to run into these issues with the runc that had only the patch for the CVEs. 

              container-runtime-eng (Container Runtime Eng Bot)
              tsweeney@redhat.com (Tom Sweeney)
              Container Runtime Eng Bot
              Container Runtime Bugs Bot