Dockerfile: update runc binary to v1.3.3

Update the version used in CI and for the static binaries. - release notes: https://github.com/opencontainers/runc/releases/tag/v1.3.3 - full diff: https://github.com/opencontainers/runc/compare/v1.3.2...v1.3.3 This release contains fixes for three high-severity security vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881). All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-01-11 10:41:43 +00:00 · 2025-11-05 10:56:44 +01:00
parent 353dc7d904
commit 35f6a78082
2 changed files with 2 additions and 2 deletions
--- a/hack/dockerfile/install/runc.installer
+++ b/hack/dockerfile/install/runc.installer
@@ -7,7 +7,7 @@ set -e
 # The version of runc should match the version that is used by the containerd
 # version that is used. If you need to update runc, open a pull request in
 # the containerd project first, and update both after that is merged.
-: "${RUNC_VERSION:=v1.3.2}"
+: "${RUNC_VERSION:=v1.3.3}"

 install_runc() {
 	RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"