TheServerSide

Fix this runC vulnerability to prevent unwanted root access

RunC is a Docker-created, low-level command-line interface tool that spawns and runs containers based on two Open Container Initiative specifications: the Image Specification and the Runtime ...
Hackaday

This Week In Security: Glibc, Ivanti, Jenkins, And Runc

There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems ...
Bleeping Computer

RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts

A container breakout security flaw found in the runc container runtime allows malicious containers (with minimal user interaction) to overwrite the host runc binary and gain root-level code execution ...
Threat Post

Major Container Security Flaw Threatens Cascading Attacks

A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks. Runc, a building-block project ...
Infosecurity-magazine.com

Firms Urged to Patch Serious Container Runtime Flaw

Enterprises have been urged to patch a serious flaw in runc, the default runtime for Docker and Kubernetes, and ensure they have SELinux enabled. Aleksa Sarai — one of the maintainers for runc — made ...
SDxCentral

Kubernetes, Docker, ContainerD Impacted by RunC Container Runtime Bug

The flaw basically allows an infected container to gain control of the overarching host container and allow an attacker to execute any command.
CRN

New RunC Container Runtime Security Flaw Targets Kubernetes, Docker

A security vulnerability in Docker and Kubernetes containers disclosed Monday can be used to go after any host system running containers. The vulnerability allows malicious containers to overwrite the ...