CLSA-2025-1763648873

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763648873.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1763648873
Published
2025-11-20T14:27:57Z
Modified
2026-06-01T00:31:27.548673078Z
Summary
runc: Fix of 6 CVEs
Details
  • upgrade to runc 1.2.8 to fix multiple critical security vulnerabilities:
  • CVE-2024-21626: fix file descriptor leak vulnerability allowing container escape
  • CVE-2025-52565: fix container escape with malicious config due to /dev/console mount races
  • CVE-2025-31133: fix container escape and denial of service due to masked path abuse
  • CVE-2025-52881: fix container escape and denial of service due to procfs write redirects
  • remove obsolete CVE-2023-27561_CVE-2023-28642.patch (fixes included in 1.2.8)
  • add no_openssl build tag to prevent use of vendored crypto libraries
  • add runcdmzselinux_nocompat build tag for SELinux DMZ feature support
  • add container-selinux >= 2.224.0 dependency for DMZ SELinux feature
Affected packages

TuxCare:AlmaLinux:9.2 / runc

Package

Name
runc
Purl
pkg:rpm/tuxcare/runc?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4:1.2.8-1.el9_1.tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763648873.json"