Your message dated Thu, 06 Nov 2025 11:05:04 +0000
with message-id <[email protected]>
and subject line Bug#1118638: fixed in crun 1.21-2
has caused the Debian Bug report #1118638,
regarding crun versions before 1.24 chown() /dev/null to the container user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1118638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118638
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: crun
Version: 1.21-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Dear Maintainer,
Versions of crun before 1.24 unconditionally `chown()` the stdio files of the
container to the UID inside the container. If the container's stdin is set
to `/dev/null` (which is the default for `podman`), and the container is
started by root but runs as a non-root user, this results in the owner of the
host's `/dev/null` being changed.
The impact of changing the owner of `/dev/null` is that the container
user can then `chmod()` the file, denying other users access. This may
cause denial of service.
The issue was fixed in https://github.com/containers/crun/pull/1847,
which is part of release 1.24.
-- System Information:
Debian Release: 13.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.39-1-insait (SMP w/56 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages crun depends on:
ii libc6 2.41-12
ii libcap2 1:2.75-10+b1
ii libseccomp2 2.6.0-2
ii libsystemd0 257.8-1~deb13u2
ii libyajl2 2.1.0-5+b2
Versions of packages crun recommends:
pn libcriu2 <none>
Versions of packages crun suggests:
pn libwasmedge0 <none>
-- no debconf information
--- End Message ---
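The report above describes a runtime that chown()s whatever file descriptor is wired to the container's stdio, even when that descriptor is a host device node. The following is an added example, not crun's own code (the function names should_chown_stdio, chown_stdio_if_safe and path_owner_mode_ok are my own): it shows the guard implied by the changelog entry "Never chown devices" (skip the chown when fstat() reports a character or block device, an assumed criterion) and a small host-side audit that checks a path against an expected owner and mode, assuming a stock host where /dev/null is root-owned with mode 0666.

```c
/* Added example (not part of crun): guard stdio chown against host device
 * nodes, and audit a path's owner/mode. Function names are hypothetical. */
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 if fd refers to something a runtime may hand to the container
 * user by chown (a pipe, socket or regular file created for the container),
 * 0 if it is a device node shared with the host (e.g. /dev/null), and -1 if
 * fstat() fails. Device nodes are never chowned: changing the owner of
 * /dev/null changes it for every process on the host, which is the bug. */
int should_chown_stdio(int fd)
{
    struct stat st;
    if (fstat(fd, &st) < 0)
        return -1;
    if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode))
        return 0;
    return 1;
}

/* chown the descriptor only when it is safe to do so. Returns 0 when the
 * chown was done or deliberately skipped, -1 on error. */
int chown_stdio_if_safe(int fd, uid_t uid, gid_t gid)
{
    int r = should_chown_stdio(fd);
    if (r < 0)
        return -1;
    if (r == 0)
        return 0; /* device node: leave host ownership untouched */
    return fchown(fd, uid, gid);
}

/* Host-side audit: returns 1 if path has the expected owner and permission
 * bits, 0 if either deviates, -1 if stat() fails. For /dev/null on a stock
 * Linux host the expected values are uid 0 and mode 0666. */
int path_owner_mode_ok(const char *path, uid_t expected_uid, mode_t expected_mode)
{
    struct stat st;
    if (stat(path, &st) < 0)
        return -1;
    return (st.st_uid == expected_uid &&
            (st.st_mode & 07777) == expected_mode) ? 1 : 0;
}

int main(void)
{
    /* Audit the host's /dev/null: a changed owner or mode is the symptom
     * an affected crun leaves behind. */
    int rc = path_owner_mode_ok("/dev/null", 0, 0666);
    if (rc == 1)
        puts("/dev/null: owner root, mode 0666 (as expected)");
    else if (rc == 0)
        puts("/dev/null: owner or mode deviates; check for a runtime that chowned it");
    else
        perror("stat /dev/null");

    /* Show the guard classifying /dev/null as a device (0 = do not chown). */
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0) {
        printf("should_chown_stdio(/dev/null) = %d\n", should_chown_stdio(fd));
        close(fd);
    }
    return 0;
}
```

Run it as the user that starts containers; a result other than root/0666 for /dev/null on a host that has run older crun versions is worth investigating, and the fix is simply to restore ownership and mode as root.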
--- Begin Message ---
Source: crun
Source-Version: 1.21-2
Done: Reinhard Tartler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
crun, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <[email protected]> (supplier of updated crun package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 05 Nov 2025 21:28:06 -0500
Source: crun
Architecture: source
Version: 1.21-2
Distribution: unstable
Urgency: medium
Maintainer: Faidon Liambotis <[email protected]>
Changed-By: Reinhard Tartler <[email protected]>
Closes: 1118638
Changes:
crun (1.21-2) unstable; urgency=medium
.
* Never chown devices, Closes: #1118638
Checksums-Sha1:
55ef6c77baaebb409c47df763e347b1f3256a413 2562 crun_1.21-2.dsc
6f1fc010aa4e510b68ca548be4b8fa0420f2a25b 20688 crun_1.21-2.debian.tar.xz
Checksums-Sha256:
b40a105ec557ecfc9f777696acc91ad7e73e590807a15de262109c925e917ab9 2562 crun_1.21-2.dsc
01f40774a5b8ef953294785e880710f551285e8373898de4043f7f3950870f0e 20688 crun_1.21-2.debian.tar.xz
Files:
67bdf1cc4d620d352963c26a10f5f9c8 2562 admin optional crun_1.21-2.dsc
a3ff92b4124032e2897185e8f42b07d7 20688 admin optional crun_1.21-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmkMe2kUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJsutjg//bAp4wmXAq0rsGcjT0Xs3ISXHuCHo
QClr0f3RxDwYrFCqbHW5ka6KZA1teJIr0YNE/V86Xz6JXcsRe/9J0bYJK00oc9Pe
FzeoVK+Lro8ni9C6yZe+jPwbjpAAjkC94LMQm/YF4hLv1F6clv9qSFI2sFo22UCv
vEgvMI3/KXFtkOdnqtP6ptA4jyt/6J1fuD9cA9FbRZ5dZah8sP9d0HKEZXkweAZi
FDz9l0yMg0mDrQBBLDkGD3bfsvIHAEDxgyFGkihUIaban/ErsI/iYozOXw9CPoXD
mwj/lcuITQCtNlFNklxS4xwO6sRBdGpvpLGcvWSlhUjHYrZQw8H+4WxAPhW131oN
vAzTzV1v516vAZDe4hRmAvFLxxpRpfFol+mrEdAfY2N174GubzAIFt4ik/Om7TSh
72LFYaSwXBfCPZJeEUI08WF/wbtX3w0aikUno7ISAIyHWOl5XYEcgpo0TrxGFwxB
UOPDKGc0bGkWnreMGfcLy/CQIBmInIZiOtu1m6BVWBb7vIZhOizOZIXtLVy4d23l
KcJxyewmoS4pWX1/xQkH1eKvwyRScRjGDl6on94PlqsnTAT69jMpC4C+s4OVc53i
5oyvuvGiwUNUrOKF4nJ9QWxrBUvHZr/PL2UvkbUfS5JD9LCZtDJAMmBT1wWkrTZt
bQlFmtOM7f3Vb10=
=I151
-----END PGP SIGNATURE-----
--- End Message ---