GLSA Advocate
Posted: Sun Mar 15, 2020 8:26 am Post subject: [ GLSA 202003-21 ] runC
Gentoo Linux Security Advisory
Title: runC: Multiple vulnerabilities (GLSA 202003-21)
Severity: high
Exploitable: local, remote
Date: 2020-03-15
Bug(s): #677744, #709456, #711182
ID: 202003-21
Synopsis
Multiple vulnerabilities have been discovered in runC, the worst of
which may lead to privilege escalation.
Background
RunC is a CLI tool for spawning and running containers according to the
OCI specification.
Affected Packages
Package: app-emulation/runc
Vulnerable: < 1.0.0_rc10
Unaffected: >= 1.0.0_rc10
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in runC. Please review the
CVE identifiers referenced below for details.
Impact
An attacker, by running a malicious Docker image, could escape the
container, bypass security restrictions, escalate privileges or cause a
Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All runC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/runc-1.0.0_rc10"

References
CVE-2019-16884
CVE-2019-19921
CVE-2019-5736
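
The following is an added example, not part of the advisory or of Gentoo's tooling: a shell check of a runc version string against the "Vulnerable: < 1.0.0_rc10" boundary given above. Plain string comparison gets this wrong, because `1.0.0_rc9` sorts after `1.0.0_rc10`. The function names and sample versions are assumptions, and only `_rcN` suffixes and `-rN` revisions are handled.

```shell
#!/bin/sh
# Added example: is an app-emulation/runc version below the fixed 1.0.0_rc10?
FIXED="1.0.0_rc10"

# split_ver VERSION -> prints "MAJOR MINOR PATCH RC"; returns 2 if unparsable.
# RC is the _rcN number, or 99999 for a final release (sorts after every rc).
split_ver() {
    v=${1%-r[0-9]*}                 # drop a Gentoo revision suffix such as -r1
    case $v in
        *_rc*) rc=${v##*_rc}; base=${v%%_rc*} ;;
        *_*)   return 2 ;;          # _alpha/_beta/_pre/_p: not handled here
        *)     rc=99999; base=$v ;;
    esac
    case $rc in ''|*[!0-9]*) return 2 ;; esac
    case $base in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base                    # split the dotted part into fields
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} $rc"
}

# runc_is_vulnerable VERSION
# returns 0 if VERSION < FIXED, 1 if VERSION >= FIXED, 2 if unparsable.
runc_is_vulnerable() {
    have=$(split_ver "$1") || return 2
    want=$(split_ver "$FIXED") || return 2
    set -- $have $want              # $1..$4 = installed, $5..$8 = fixed
    for field in 1 2 3 4; do
        [ "$1" -lt "$5" ] && return 0
        [ "$1" -gt "$5" ] && return 1
        shift                       # next field pair moves into $1 and $5
    done
    return 1                        # equal to the fixed version
}

# Constructed sample versions, not read from a real system.
for sample in 1.0.0_rc9 1.0.0_rc10 1.0.0_rc10-r1 1.0.0 0.1.1 1.0.0_beta1; do
    status=0
    runc_is_vulnerable "$sample" || status=$?
    case $status in
        0) echo "$sample: vulnerable, upgrade" ;;
        1) echo "$sample: not affected" ;;
        *) echo "$sample: version format not handled" ;;
    esac
done
```

A return value of 2 means the version could not be classified and should be checked by hand rather than treated as unaffected.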