{"id":"CLSA-2025-1763648873","summary":"runc: Fix of 6 CVEs","details":"- upgrade to runc 1.2.8 to fix multiple critical security vulnerabilities:\n- CVE-2024-21626: fix file descriptor leak vulnerability allowing container\n  escape\n- CVE-2025-52565: fix container escape with malicious config due to /dev/console\n  mount races\n- CVE-2025-31133: fix container escape and denial of service due to masked path\n  abuse\n- CVE-2025-52881: fix container escape and denial of service due to procfs\n  write redirects\n- remove obsolete CVE-2023-27561_CVE-2023-28642.patch (fixes included in 1.2.8)\n- add no_openssl build tag to prevent use of vendored crypto libraries\n- add runc_dmz_selinux_nocompat build tag for SELinux DMZ feature support\n- add container-selinux \u003e= 2.224.0 dependency for DMZ SELinux feature","modified":"2026-06-01T00:31:27.548673078Z","published":"2025-11-20T14:27:57Z","upstream":["CVE-2024-21626","CVE-2025-52565","CVE-2025-31133","CVE-2025-52881","CVE-2023-27561","CVE-2023-28642"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1763648873.html"}],"affected":[{"package":{"name":"runc","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/runc?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:1.2.8-1.el9_1.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763648873.json"}}],"schema_version":"1.7.5"}