update runc binary to v1.1.2
This is the second patch release of the runc 1.1 release branch. It
fixes CVE-2022-29162, a minor security issue (which appears to not be
exploitable) related to process capabilities.

This is a similar bug to the ones found and fixed in Docker and
containerd recently (CVE-2022-24769).

- A bug was found in runc where runc exec --cap executed processes with
  non-empty inheritable Linux process capabilities, creating an atypical Linux
  environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
- runc spec no longer sets any inheritable capabilities in the created
  example OCI spec (config.json) file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bc0fd3f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah committed May 12, 2022
1 parent f756502 commit d9ed3d7
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion hack/dockerfile/install/runc.installer
Expand Up @@ -9,7 +9,7 @@ set -e
# the containerd project first, and update both after that is merged.
#
# When updating RUNC_VERSION, consider updating runc in vendor.conf accordingly
: "${RUNC_VERSION:=v1.1.1}"
: "${RUNC_VERSION:=v1.1.2}"

install_runc() {
RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"
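Review bot: the comment at the top of this hunk says "When updating RUNC_VERSION, consider updating runc in vendor.conf accordingly", yet the commit touches only hack/dockerfile/install/runc.installer (1 file changed, 1 addition and 1 deletion). Either bump the runc entry in vendor.conf to match v1.1.2 in the same change, or state in the commit message why the vendored copy does not need to follow the binary (for example, if the fix for CVE-2022-29162 only affects the runc binary's `exec --cap` handling and `spec` output and not any package this repository imports). Leaving the two out of step is the exact drift the comment warns about.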
