New full container breakouts in runc just dropped. Three of them! High severity! Patch 'em while they're hot!
oss-sec: runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881
seclists.org
November 6, 2025 at 7:38 PM
⚠️ runc container escape exploited
Attackers abuse the runc runtime to break out of containers, execute code on hosts and deploy malware. Patch runtimes, harden container configs, and monitor kernel anomalies to stop escapes.
🔗 read more: seclists.org/oss-sec/2025...
#ransomNews #containerSec
November 10, 2025 at 11:37 AM
🚨 Severe runc flaws could let attackers break out of Docker & Kubernetes containers to access the host.
Admins: update runc immediately & restrict untrusted images.
📖 www.bleepingcomputer.com/news/securit...
#Security #Docker #runc
Dangerous runC flaws could allow hackers to escape Docker containers
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system.
www.bleepingcomputer.com
November 9, 2025 at 9:18 PM
Runc breaks pods when CPU requests aren't multiples of 10 github.com/opencontaine... from Hacker News via #[email protected] / gcu.info/gruik/
Systemd cgroup driver: CPU quota calculation mismatch between containerd and runc causes container creation failure · Issue #4982 · opencontainers/runc
Description When using the systemd cgroup driver with a CPU limit of 4096m, pod creation fails intermittently because containerd non-deterministically calculates either 409600 or 410000 microsecond...
github.com
November 9, 2025 at 10:20 AM
Microsoft offers free ESUs for Windows 10 and introduces Quick Machine Recovery in Windows 11, while serious flaws in runC and malicious NuGet packages emerge.
#Docker #NuGet #Windows
www.matricedigitale.it/2025/11/09/m...
November 9, 2025 at 6:51 PM
You can’t go “we just want to be good stewards and run the government, but Dems won’t let us” and then also “Dems better be careful what they wish for, we’ll wreck the government if we have the chance”
October 6, 2025 at 2:28 PM
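(Cont.) I think that, ultimately, it may even go as far as the very act of "posting" itself being "old" (to young people's sensibilities)...
"People who diligently post short videos on Instagram and TikTok using editing techniques that are supposedly popular among young people, and the people who watch them: before I know it, they are all my own age. Is that because an algorithm optimized for middle-aged me is showing me only that kind of timeline, or is it that the only ones 'really' still clinging to this kind of social network are middle-aged and older people who keep spinning their wheels while minding young lurkers who no longer even exist?" That remains a mystery, though.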
bsky.app/profile/runc...
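I have no idea what the "photo posts that look like a seniors' club" in Iku Okada's series of posts are like, but, you know, is this the story that the younger people who want to post themselves and their daily lives have moved to BeReal, and the younger generation lives in TikTok and chat AI in the first place, so Instagram has joined the ranks of retro apps? I haven't read the original WIRED article, so I don't know the details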
September 15, 2025 at 1:42 PM
🔥 Leaky Vessels: Patch your containers ASAP!
New vulnerabilities found in runC, a critical container management tool, allow attackers to escape containers, access sensitive data, and potentially gain root access to the host system.
thehackernews.com/2024/02/runc...
#infosec
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
Critical Container Exploits Found in runC. These flaws allow attackers to break out of containers and access sensitive data or launch further attacks.
thehackernews.com
January 31, 2024 at 9:09 PM
A weekend where the runc CVE is over and everyday life has come back... the best
February 4, 2024 at 5:00 AM
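I'm late in mentioning it, but I'm rather a fan of Yū Aku, and I think "Tsugaru Kaikyō Fuyugeshiki" is a truly amazing work. It's just as written here: when a woman sings it at a moment she wants strength, it becomes a strong, strong song saying "we may act on what we want to do without telling anyone anything", yet at the same time it also fully satisfies the desire of men, which must still have been deep-rooted in the 1970s, that "a woman who has lost at love in the city should go back to her hometown, and there, as a single mature woman, take up work in the nightlife trade or the like and remain an unattainable flower that is just barely within our reach", and to those people it sounds like nothing but that kind of song. Amazing. Of course it sold.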
bsky.app/profile/runc...
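The intensely male-chauvinist lyrics of enka (and some kayōkyoku) that Iku Okada points out are very harsh, but what I recall at the same time is the lyricist Yū Aku. It is well known that he was shocked that, around the time he himself was writing lyrics about strong women, the big hit was Tonosama Kings' "Namida no Misao", and said "I had thought women would no longer endure or cry"; and although Yū Aku also wrote a fair amount of enka, he also said "enka has love and hate" (I can't find the source, but it's an episode I remember), so it seems the enka world of male chauvinism and enduring women didn't suit him.
I suppose the male-chauvinist image of romance that the public wanted starts to disappear from around the late 1980s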
January 26, 2024 at 7:22 AM
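Updated, come take a look! → #Linux shockwave! The day the future of #security, desktop and apps changes, Thursday, November 6 #OSS #security #runc #wayland #X11 #news
#Linux shockwave! The day the future of #security, desktop and apps changes, Thursday, November 6 #OSS #security #runc #wayland #X11 #news
The runc vulnerability is going to be a big deal. It feels like the first jailbreak case in a while. Every cloud provider has no choice but to act! May your runtime environments get patched soon too! The BGM in the main section is my own production. There is also an album, so please give it a listen if you like: https://music.youtube.com/playl...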
www.youtube.com
November 5, 2025 at 7:40 PM
runc container breakouts via procfs writes: CVE-2025-31133,
CVE-2025-52565, and CVE-2025-52881 www.openwall.com/lists/oss-se...
oss-security - runc container breakouts via procfs writes: CVE-2025-31133,
CVE-2025-52565, and CVE-2025-52881
www.openwall.com
November 5, 2025 at 10:38 PM
CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues Bulletin ID: AWS-2025-024 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 8:45 PM PDT CVE ...
CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues
**Bulletin ID:** AWS-2025-024
**Scope:** AWS
**Content Type:** Important (requires attention)
**Publication Date:** 2025/11/5 8:45 PM PDT
**CVE Identifiers: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881**
AWS is aware of recently disclosed security issues affecting the runc component of several open source container management systems (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) when launching new containers. AWS does not consider containers a security boundary, and does not utilize containers to isolate customers from each other. There is no cross-customer risk from these issues. AWS customers that utilize containers to isolate workloads within their own self-managed environments are strongly encouraged to contact their operating system vendor for any updates or instructions necessary to mitigate any potential concerns arising from these issues.
With the exception of the AWS services listed below, no customer action is required to address this issue. As a best practice, AWS always recommends that you apply all security patches and software version updates.
**Affected services:**
Amazon Linux
Bottlerocket
Amazon Elastic Container Service (ECS)
Amazon Elastic Kubernetes Service (EKS)
AWS Elastic Beanstalk
Finch
AWS Deep Learning AMI
AWS Batch
Amazon SageMaker
aws.amazon.com
November 5, 2025 at 5:58 PM
Critical runc Vulnerabilities Put Docker and Kubernetes Container Isolation at Risk Three critical vulnerabilities in runc, the container runtime powering Docker, Kubernetes, and other containeriza...
#Cyber #Security #News #Vulnerability #News #cyber […]
[Original post on cybersecuritynews.com]
Original post on cybersecuritynews.com
cybersecuritynews.com
November 10, 2025 at 8:36 AM
"For the first time ever, a Farage-led party has demonstrated that it can win a parliamentary by-election through the front door, not via defection or protest alone".
Damian Lyons Lowe and Vasil Lazarov of @survation.bsky.social on Reform's Runcorn win:
labourlist.org/2025/05/runc...
'Reform's narrow Runcorn win makes 60-100 Labour seats targets' - LabourList
For Labour, the danger isn’t just losing votes at the margins – it is that Reform has shown it can win outright.
labourlist.org
May 2, 2025 at 2:32 PM
Runc breaks pods when CPU requests aren't multiples of 10 https://github.com/opencontainers/runc/issues/4982 #HackerNews #Runc #CPU #issues #Kubernetes #Pods #Multiples #of #10 #Containerization
Origin
mastodon.social
November 9, 2025 at 9:44 AM
Doing something like this does require a shim, unfortunately, and if you're leveraging standard Linux containers you'll end up duplicating a lot of code with containerd-shim-runc-v2. If NRI had the ability to override entrypoint an NRI plugin would be much simpler to do the same thing.
April 2, 2025 at 3:47 PM
July 18, 2025 at 1:24 PM
Security vulnerabilities in RunC: attackers can break out of Docker containers
Administrators should be careful about which Docker images they use. Attackers can gain root access to the host system.
https://t.ress.at/bvezC/
November 10, 2025 at 1:30 PM
🚨 ALERT: New runC flaws enable full container escape to host with root privileges. Impacts entire container ecosystem. Immediate action is critical. Discover mitigation now:
#Vulnerability #Kubernetes #Security #KloudCenter
[URL] https://link.cedricthibault.cloud/itPeou
November 11, 2025 at 2:11 AM
Labour won the seat with a majority of 14,696. Reform UK came second on 18% of the vote, compared to Labour’s 53%. Farage regularly claims he will be the next PM (despite getting just 5 seats in 2024), so failing to win the first by-election would be a huge setback.
labourlist.org/2025/03/runc...
Labour longlists Runcorn candidates as Amesbury to quit, triggering by-election - LabourList
Labour is longlisting candidates this week for the looming Runcorn and Helsby by-election, which now looks almost certain…
labourlist.org
March 10, 2025 at 6:10 PM
Want to understand containers on a lower level than #Docker? Look at #runc and #containerd. How? #linuxkit
November 2, 2024 at 5:30 PM
The sanctions target a network of offshore financial facilitators and Iranian tech firms. These include Cyrus Bank, accused of handling foreign currency transactions for sanctioned entities, and RUNC Exchange System Company, which developed the domestic CIMS platform as an alternative to SWIFT.
August 8, 2025 at 9:11 AM
Three new runC CVEs (CVE-2025-31133 / 52565 / 52881) let attackers abuse symlinks & bind mounts to write into /proc and escape containers. Fixes are in runC 1.2.8, 1.3.3, 1.4.0-rc.3+. Patch, use rootless/user-ns containers, watch for suspicious symlink activity
#CyberSecurity #Infosec #CloudSecurity
November 10, 2025 at 11:20 AM