All errata/p11/ALT-PU-2026-5517-3
ALT-PU-2026-5517-3

Package update crun in branch p11

Version1.27-alt1
Published2026-05-26
Max severityHIGH
Severity:

Closed issues (2)

BDU:2026-07259
HIGH7.8

Уязвимость среды выполнения контейнера OCI Container Runtime (crun), связанная с небезопасным управлением привилегиями, позволяющая нарушителю повысить свои привилегии

Published: 2026-05-24Modified: 2026-06-18
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
CVE-2026-30892
HIGH7.8

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.

Published: 2026-03-25Modified: 2026-06-17
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H