Fedora Linux 8781 Published by

A runc security update has been released for Fedora 33.



SECURITY: Fedora 33 Update: runc-1.0.0-377.rc93.fc33


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-ec00da7faa
2021-04-24 18:04:51.466052
--------------------------------------------------------------------------------

Name : runc
Product : Fedora 33
Version : 1.0.0
Release : 377.rc93.fc33
URL :   https://github.com/opencontainers/runc
Summary : CLI for running Open Containers
Description :
The runc command can be used to start containers which are packaged
in accordance with the Open Container Initiative's specifications,
and to manage containers running under runc.

--------------------------------------------------------------------------------
Update Information:

- crun and runc both `Provides: oci-runtime`. - containers-common now has
`Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by
default unless runc is already installed. ---- buildah: Security fix for
CVE-2021-20291 Autobuilt v1.20.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 21 2021 Lokesh Mandvekar - 2:1.0.0-377.rc93
- add Provides: oci-runtime in the right place
* Tue Apr 13 2021 Lokesh Mandvekar - 2:1.0.0-376.dev.git12644e6
- unversioned Provides: oci-runtime
- runc package will also provide an unversioned Provides: oci-runtime.
- user should pull in runc separately or else it will install crun by default
(alphabetical order)
- similar situation as caddy, httpd, lighttpd and nginx having Provides: webserver
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1939485 - CVE-2021-20291 containers/storage: DoS via malicious image
  https://bugzilla.redhat.com/show_bug.cgi?id=1939485
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-ec00da7faa' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys