HCE2-SA-2023-0074 Important HCE 2.0 Security Fix(es): runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. (CVE-2021-30465) runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) (CVE-2019-19921) HCE 2.0 docker-runc-1.0.0.rc3-301.r12.hce2.aarch64.rpm docker-runc-1.0.0.rc3-301.r12.hce2.x86_64.rpm