Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-132842

Bump to runc v1.2.9 or v1.3.4 to get CVE and regression fixes - Buildah

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • None
    • Important
    • ZStream
    • 1
    • rhel-container-tools
    • 2
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • RUN 280
    • Regression Exception
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      With the fixes for CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, a few regressions were created in runc

      https://github.com/opencontainers/runc/releases/tag/v1.3.4

      • libct: fix mips compilation. (#4962#4966)
      • When configuring a tmpfs mount, only set the mode= argument if the
        target path already existed. This fixes a regression introduced in our
        CVE-2025-52881 mitigation patches. (#4971#4976)
      • Fix various file descriptor leaks and add additional tests to detect them as
        comprehensively as possible. (#5007#5021#5034)

      The fixes for the CVE and the regressions are contained in runc v1.2.9, v1.3.4, and v1.4.0.  The runc in RHEL should be bumped to the appropriate version.

      Customers have already begun to run into these issues with the runc that had only the patch for the CVEs. 

              rhn-support-jnovy Jindrich Novy
              tsweeney@redhat.com Tom Sweeney
              Container Runtime Eng Bot Container Runtime Eng Bot
              Yiqiao Pu Yiqiao Pu
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: