Security update for docker-runc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0201-1 Final 1 1 2019-02-18T16:53:30Z current 2019-02-18T16:53:30Z 2019-02-18T16:53:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for docker-runc This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2019-02/msg00096.html E-Mail link for openSUSE-SU-2019:0201-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 docker-runc-kubic-test-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 as a component of openSUSE Leap 42.3 docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 as a component of openSUSE Leap 42.3 docker-runc-kubic-test-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 as a component of openSUSE Leap 42.3 docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 as a component of openSUSE Leap 42.3 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. CVE-2019-5736 openSUSE Leap 42.3:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 openSUSE Leap 42.3:docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 openSUSE Leap 42.3:docker-runc-kubic-test-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 openSUSE Leap 42.3:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-8.1 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2019-02/msg00096.html https://www.suse.com/security/cve/CVE-2019-5736.html CVE-2019-5736 https://bugzilla.suse.com/1121967 SUSE Bug 1121967 https://bugzilla.suse.com/1122185 SUSE Bug 1122185 https://bugzilla.suse.com/1173421 SUSE Bug 1173421