Skip to content

[release/1.7] Update runc binary to v1.3.4 #12619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dmcgowan merged 1 commit into from
Dec 8, 2025
Merged

[release/1.7] Update runc binary to v1.3.4 #12619

dmcgowan merged 1 commit into from
Dec 8, 2025

Conversation

@k8s-infra-cherrypick-robot
Copy link

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot commented Dec 3, 2025

This is an automated cherry-pick of #12593

/assign dmcgowan

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Dec 3, 2025
Merged
@github-project-automation github-project-automation bot moved this to Needs Triage in Pull Request Review Dec 3, 2025
@dosubot dosubot bot added the area/runtime Runtime label Dec 3, 2025
thaJeztah
thaJeztah approved these changes Dec 3, 2025
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if green

@kavinnath
Copy link

kavinnath commented Dec 4, 2025

Looks like Fuzzing broken..

('/tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager', CompletedProcess(args=['bad_build_check', '/tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager'], returncode=1, stdout=b'BAD BUILD: /tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager seems to have either startup crash or exit:\nsysctl: setting key "vm.mmap_rnd_bits", ignoring: Read-only file system\n/tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager -- -rss_limit_mb=2560 -timeout=25 -seed=1337 -runs=4 < /dev/null\n/tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.32\' not found (required by /tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager)\n/tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.34' not found (required by /tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager)\n/tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /tmp/not-out/tmpyea_evy4/fuzz_FuzzLeaseManager)\n', stderr=b''))

austinvazquez
austinvazquez approved these changes Dec 4, 2025
View reviewed changes
Copy link
Member

@austinvazquez austinvazquez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@github-project-automation github-project-automation bot moved this from Needs Triage to Review In Progress in Pull Request Review Dec 4, 2025
mikebrow
mikebrow approved these changes Dec 7, 2025
View reviewed changes
Copy link
Member

@mikebrow mikebrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
just a rebase for the fuzzer fix

@vvoland @mikebrow
runc: Update runc binary to v1.3.4
34b89a5 
This update includes a fix for a regression introduced in CVE-2025-52881
mitigation patches where the `mode=` argument was incorrectly applied to
tmpfs mounts regardless of whether the target path existed.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@mikebrow mikebrow force-pushed the cherry-pick-12593-to-release/1.7 branch from a8bf394 to 34b89a5 Compare December 8, 2025 00:28
@dmcgowan dmcgowan merged commit a839d03 into containerd:release/1.7 Dec 8, 2025
92 of 94 checks passed
@github-project-automation github-project-automation bot moved this from Review In Progress to Done in Pull Request Review Dec 8, 2025
@dmcgowan dmcgowan mentioned this pull request Dec 9, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmcgowan dmcgowan dmcgowan approved these changes

@thaJeztah thaJeztah thaJeztah approved these changes

@akhilerm akhilerm akhilerm approved these changes

@mikebrow mikebrow mikebrow approved these changes

@austinvazquez austinvazquez austinvazquez approved these changes

Assignees

@dmcgowan dmcgowan

Labels

area/runtime Runtime impact/changelog size/XS

Projects

Pull Request Review
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@k8s-infra-cherrypick-robot @kavinnath @dmcgowan @thaJeztah @akhilerm @mikebrow @austinvazquez @k8s-ci-robot @vvoland