ALASDOCKER-2024-036 --- runcID: oval:org.secpod.oval:def:1702082 | Date: (C)2024-02-07 (M)2024-05-06 |
Class: PATCH | Family: unix |
AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system namespace.An updated version of runc that addresses the issue is available for Amazon Linux 1 , Amazon Linux 2 and for Amazon Linux 2023 . AWS recommends that customers using runc or any container-related software apply those updates or a newer version