Dockerfile: update runc binary to v1.3.3

Update the version used in CI and for the static binaries. - release notes: https://github.com/opencontainers/runc/releases/tag/v1.3.3 - full diff: https://github.com/opencontainers/runc/compare/v1.3.2...v1.3.3 This release contains fixes for three high-severity security vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881). All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-01-11 10:41:43 +00:00 · 2025-11-05 10:56:44 +01:00
parent 353dc7d904
commit 35f6a78082
2 changed files with 2 additions and 2 deletions
--- a/2
+++ b/2
@@ -254,7 +254,7 @@ RUN git init . && git remote add origin "https://github.com/opencontainers/runc.
 # This version should usually match the version that is used by the containerd version
 # that is used. If you need to update runc, open a pull request in the containerd
 # project first, and update both after that is merged.
-ARG RUNC_VERSION=v1.3.2
+ARG RUNC_VERSION=v1.3.3
 RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

 FROM base AS runc-build