概述
Important: runc security update
类型/严重性
Security Advisory: Important
Red Hat Lightspeed patch analysis
标题
An update for runc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
- runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)
- runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565)
- runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
受影响的产品
-
Red Hat Enterprise Linux for x86_64 9 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
-
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 9 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
-
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
-
Red Hat Enterprise Linux for ARM 64 9 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
修复
-
BZ - 2404705
- CVE-2025-31133 runc: container escape via 'masked path' abuse due to mount race conditions
-
BZ - 2404708
- CVE-2025-52565 runc: container escape with malicious config due to /dev/console mount and related races
-
BZ - 2404715
- CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
注::
可能有这些软件包的更新版本。
点击软件包名称查看详情。
Red Hat Enterprise Linux for x86_64 9
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| x86_64 |
|
runc-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 55f693c6e7a45bab75741798e3ef3d93bf2de86246fe4259beb9b6934a601001 |
|
runc-debuginfo-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 04ef9b13a93e76b5df7bc7eecbf8b241047f04d961d40c6e0478f757ebf3ceed |
|
runc-debugsource-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 4e9bb28547ea18616c05e84bd62855c3845ef79714051f576a2852dd83eaf3a2 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| x86_64 |
|
runc-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 55f693c6e7a45bab75741798e3ef3d93bf2de86246fe4259beb9b6934a601001 |
|
runc-debuginfo-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 04ef9b13a93e76b5df7bc7eecbf8b241047f04d961d40c6e0478f757ebf3ceed |
|
runc-debugsource-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 4e9bb28547ea18616c05e84bd62855c3845ef79714051f576a2852dd83eaf3a2 |
Red Hat Enterprise Linux Server - AUS 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| x86_64 |
|
runc-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 55f693c6e7a45bab75741798e3ef3d93bf2de86246fe4259beb9b6934a601001 |
|
runc-debuginfo-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 04ef9b13a93e76b5df7bc7eecbf8b241047f04d961d40c6e0478f757ebf3ceed |
|
runc-debugsource-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 4e9bb28547ea18616c05e84bd62855c3845ef79714051f576a2852dd83eaf3a2 |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| s390x |
|
runc-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: 3e134fc9a7fb581c31eb8743390f4a8ba8a305e93bedab3ac6dd945da92b8008 |
|
runc-debuginfo-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: 129420ec8b969410df013d2a2778db019c9fec44e7a7659ac89e4c5a72e3bc2e |
|
runc-debugsource-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: a45e091e572f2ffaba57fa9253c7994e774fa605d41dc11dac8fe14fa1136413 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| s390x |
|
runc-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: 3e134fc9a7fb581c31eb8743390f4a8ba8a305e93bedab3ac6dd945da92b8008 |
|
runc-debuginfo-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: 129420ec8b969410df013d2a2778db019c9fec44e7a7659ac89e4c5a72e3bc2e |
|
runc-debugsource-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: a45e091e572f2ffaba57fa9253c7994e774fa605d41dc11dac8fe14fa1136413 |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| ppc64le |
|
runc-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 2fc64ac937d65da4cc7d2f064cd4e54a82b686cd6ff866f663f2b95bd050577d |
|
runc-debuginfo-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 34c40b5924050e0317d3ef3396a016d71026f93483045b3d6fe42b583b714ae0 |
|
runc-debugsource-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 14e6ffe9d614ffb8339c511ce0a0688e4e2fd356ca3d49875ec7087d03caa34d |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| ppc64le |
|
runc-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 2fc64ac937d65da4cc7d2f064cd4e54a82b686cd6ff866f663f2b95bd050577d |
|
runc-debuginfo-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 34c40b5924050e0317d3ef3396a016d71026f93483045b3d6fe42b583b714ae0 |
|
runc-debugsource-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 14e6ffe9d614ffb8339c511ce0a0688e4e2fd356ca3d49875ec7087d03caa34d |
Red Hat Enterprise Linux for ARM 64 9
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| aarch64 |
|
runc-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: c066d4b698c084178a86683fa84a703c676f6ea27cbf9aa2010ff5f216be973d |
|
runc-debuginfo-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: 84e0749a093d88c6be2657cd6518d257a7d88aebceb883fecb244a035e9bde68 |
|
runc-debugsource-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: 371931a92af58511ea63c75b59de032ca38fec08e887558201efecbf709703fb |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| aarch64 |
|
runc-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: c066d4b698c084178a86683fa84a703c676f6ea27cbf9aa2010ff5f216be973d |
|
runc-debuginfo-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: 84e0749a093d88c6be2657cd6518d257a7d88aebceb883fecb244a035e9bde68 |
|
runc-debugsource-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: 371931a92af58511ea63c75b59de032ca38fec08e887558201efecbf709703fb |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| ppc64le |
|
runc-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 2fc64ac937d65da4cc7d2f064cd4e54a82b686cd6ff866f663f2b95bd050577d |
|
runc-debuginfo-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 34c40b5924050e0317d3ef3396a016d71026f93483045b3d6fe42b583b714ae0 |
|
runc-debugsource-1.2.5-3.el9_6.ppc64le.rpm
|
SHA-256: 14e6ffe9d614ffb8339c511ce0a0688e4e2fd356ca3d49875ec7087d03caa34d |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| x86_64 |
|
runc-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 55f693c6e7a45bab75741798e3ef3d93bf2de86246fe4259beb9b6934a601001 |
|
runc-debuginfo-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 04ef9b13a93e76b5df7bc7eecbf8b241047f04d961d40c6e0478f757ebf3ceed |
|
runc-debugsource-1.2.5-3.el9_6.x86_64.rpm
|
SHA-256: 4e9bb28547ea18616c05e84bd62855c3845ef79714051f576a2852dd83eaf3a2 |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| aarch64 |
|
runc-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: c066d4b698c084178a86683fa84a703c676f6ea27cbf9aa2010ff5f216be973d |
|
runc-debuginfo-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: 84e0749a093d88c6be2657cd6518d257a7d88aebceb883fecb244a035e9bde68 |
|
runc-debugsource-1.2.5-3.el9_6.aarch64.rpm
|
SHA-256: 371931a92af58511ea63c75b59de032ca38fec08e887558201efecbf709703fb |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6
| SRPM |
|
runc-1.2.5-3.el9_6.src.rpm
|
SHA-256: b137e36f7831e0f40c6ff64831276b08b5db3ff619d7b0c04d5649a7c92b2aac |
| s390x |
|
runc-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: 3e134fc9a7fb581c31eb8743390f4a8ba8a305e93bedab3ac6dd945da92b8008 |
|
runc-debuginfo-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: 129420ec8b969410df013d2a2778db019c9fec44e7a7659ac89e4c5a72e3bc2e |
|
runc-debugsource-1.2.5-3.el9_6.s390x.rpm
|
SHA-256: a45e091e572f2ffaba57fa9253c7994e774fa605d41dc11dac8fe14fa1136413 |
