Skip to content

[release-1.26] Bump runc to v1.2.8 - CVE-2025-52881 #6523

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: release-1.26
Choose a base branch
from
Open

[release-1.26] Bump runc to v1.2.8 - CVE-2025-52881 #6523

wants to merge 5 commits into from

Conversation

@dashea
Copy link

@dashea dashea commented Nov 20, 2025

What type of PR is this?

/kind other

What this PR does / why we need it:

Bump runc to v1.2.8, to address CVE-2025-52881. This is a huge jump, but this version of runc is the earliest that contains a fix for this CVE.

Which issue(s) this PR fixes:

This also fixes CVE-2025-31133 and CVE-2025-52565.

Fixes RHEL-126919 and RHEL-126921.

How to verify it

Special notes for your reviewer:

Does this PR introduce a user-facing change?

None

[NO NEW TESTS NEEDED]

@dashea
Bump runc to v1.2.8 - CVE-2025-52881
47ab3df 
Also bump container/storage to handle the API changes in runc.

Signed-off-by: David Shea <[email protected]>
@dashea
Update for go-selinux API changes
3b47841 
Signed-off-by: David Shea <[email protected]>
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 20, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dashea
Once this PR has been reviewed and has the lgtm label, please assign giuseppe for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dashea dashea force-pushed the dshea-release-1.26-runc-update branch from 0229217 to 2d9ab64 Compare November 21, 2025 20:28
@TomSweeneyRedHat
Copy link
Member

TomSweeneyRedHat commented Nov 24, 2025

@dashea looks like one of the commit didn't get signed? I think the second, Bump CI environment: a60c6e6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

kind/other

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dashea @TomSweeneyRedHat