v1.1.5 -- "囚われた屈辱は 反撃の嚆矢だ" ("The humiliation of captivity is the first arrow of the counterattack")

This is the fifth patch release in the 1.1.z series of runc, which fixes three CVEs found in runc.

* CVE-2023-25809 is a vulnerability involving rootless containers where (under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda.
  <https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc>

* CVE-2023-27561 was a regression which effectively re-introduced CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This regression was discovered by @Beuc.
  <https://github.com/advisories/GHSA-vpvm-3wq2-2wvm>

* CVE-2023-28642 is a variant of the same bug and was fixed by the same patch. This variant of the above vulnerability was reported by Lei Wang.
  <https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c>

In addition, the following other fixes are included in this release:

* Fix the inability to use `/dev/null` when inside a container. (#3620)
* Fix changing the ownership of the host's `/dev/null` caused by fd redirection (a regression in 1.1.1). (#3674, #3731)
* Fix rare runc exec/enter unshare error on older kernels, including CentOS < 7.7. (#3776)
* nsexec: Check for errors in `write_log()`. (#3721)

Thanks to all of the contributors who made this release possible:

* Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Aleksa Sarai <cyphar@cyphar.com>
* Evan Phoenix <evan@phx.io>
* Jaroslav Jindrak <dzejrou@gmail.com>
* Kir Kolyshkin <kolyshkin@gmail.com>
* Mrunal Patel <mrunal@me.com>
* Rodrigo Campos <rodrigoca@microsoft.com>
* Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
* Shengjing Zhu <zhsj@debian.org>
* Tianon Gravi <admwiggin@gmail.com>

[Due to the security-critical nature of this release, it was released without a direct vote but was agreed to by the required number of maintainers.]

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>