Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

SUSE-SU-2023:1726-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2023:1726-1

SUSE-SU-2023:1726-1

UNKNOWN

Security update for runc

Published Apr 3, 2023

Modified 2 years ago

Fix available

Details

This update for runc fixes the following issues:

Update to runc v1.1.5:

Security fixes:

CVE-2023-25809: Fixed rootless /sys/fs/cgroup is writable when cgroupns isn't unshared (bnc#1209884).
CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).

Other fixes:

Fix the inability to use /dev/null when inside a container.
Fix changing the ownership of host's /dev/null caused by fd redirection (bsc#1168481).
Fix rare runc exec/enter unshare error on older kernels.
nsexec: Check for errors in write_log().
Drop version-specific Go requirement.

Affected Packages

runc

SUSE Linux Enterprise Module for Containers 12

Fixed in:

1.1.5-16.29.1

References

https://bugzilla.suse.com/1168481

https://bugzilla.suse.com/1208962

https://bugzilla.suse.com/1209884

https://bugzilla.suse.com/1209888

https://www.suse.com/security/cve/CVE-2023-25809

https://www.suse.com/security/cve/CVE-2023-27561

https://www.suse.com/security/cve/CVE-2023-28642

https://www.suse.com/support/update/announcement/2023/suse-su-20231726-1/

Upstream

CVE-2023-25809 CVE-2023-27561 CVE-2023-28642

Related

CVE-2023-25809 CVE-2023-27561 CVE-2023-28642

Ecosystems

SUSE Linux Enterprise Module for Containers 12

Timeline

PublishedApr 3, 2023

ModifiedApr 3, 2023