actions-runner-controller icon indicating copy to clipboard operation
actions-runner-controller copied to clipboard

Published 20 hours ago verified publisher icon actions

update docker/runc version on summerwind/actions-runner

Open klepiz opened this issue 1 year ago • 1 comments

What would you like added? and Why is this needed?

As cause of the recent docker vulnerabilty https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/, urrently the lastest version of summerwind/actions-runner contains Docker version 24.0.7, build afdd53b, Docker required to be updated to Docker Engine 4.25.2 and runc 1.1.12 which contains a fix CVE-2024-24557, CVE-2024-23650, CVE-2024-23651, CVE-2024-23652 and CVE-2024-23653 and CVE-2024-21626

Questions

Is there a faster way to update the docker/runc version for actions-runner-controller? my current k8s master/nodes are already updated to the latest version of runc

klepiz avatar Feb 02 '24 15:02 klepiz

Any updates here in how to proceed?

luisrussi avatar Apr 03 '24 14:04 luisrussi