github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a runc exec command can be ptraced by PID 1 of the container. This allows attackers to gain access to the file descriptors of new processes during initialization. It may also lead to container escapes and to modification of the github.com/opencontainers/runc state before a process is fully placed into a container. This only happens if the main process of the container is running as root. This transitively affects docker.

CPE Name | Operator | Version |
---|---|---|
docker | eq | 1.9.1__25.1.origin.el7 |
docker | eq | 1.10.3__59.1.el7 |
docker | eq | 1.6.2__8.el7 |
runc:stretch | eq | 0.1.1+dfsg1-2+deb9u1 |
access.redhat.com/errata/RHSA-2017:0116
access.redhat.com/security/updates/classification/#moderate
access.redhat.com/security/vulnerabilities/cve-2016-9962
bugzilla.redhat.com/show_bug.cgi?id=1316786
bugzilla.redhat.com/show_bug.cgi?id=1341760
bugzilla.redhat.com/show_bug.cgi?id=1346206
bugzilla.redhat.com/show_bug.cgi?id=1360195
bugzilla.redhat.com/show_bug.cgi?id=1364238
bugzilla.redhat.com/show_bug.cgi?id=1373952
bugzilla.redhat.com/show_bug.cgi?id=1385924
bugzilla.redhat.com/show_bug.cgi?id=1388585
bugzilla.redhat.com/show_bug.cgi?id=1389442
bugzilla.redhat.com/show_bug.cgi?id=1393816
bugzilla.redhat.com/show_bug.cgi?id=1395401
bugzilla.redhat.com/show_bug.cgi?id=1399398
bugzilla.redhat.com/show_bug.cgi?id=1400228
bugzilla.redhat.com/show_bug.cgi?id=1400372
bugzilla.redhat.com/show_bug.cgi?id=1403264
bugzilla.redhat.com/show_bug.cgi?id=1403270
bugzilla.redhat.com/show_bug.cgi?id=1403370
bugzilla.redhat.com/show_bug.cgi?id=1403843
bugzilla.redhat.com/show_bug.cgi?id=1404298
bugzilla.redhat.com/show_bug.cgi?id=1404372
bugzilla.redhat.com/show_bug.cgi?id=1405306
bugzilla.redhat.com/show_bug.cgi?id=1405464
bugzilla.redhat.com/show_bug.cgi?id=1405888
bugzilla.redhat.com/show_bug.cgi?id=1405989
bugzilla.redhat.com/show_bug.cgi?id=1406446
bugzilla.redhat.com/show_bug.cgi?id=1410434
bugzilla.redhat.com/show_bug.cgi?id=1412385