Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#52493 - [docker] CVE-2016-9962 - Insecure opening of file-descriptor allows privilege escalation

Attached to Project: Community Packages
Opened by Filip Frackiewicz (notreallyhere) - Wednesday, 11 January 2017, 13:52 GMT
Last edited by Sébastien Luttringer (seblu) - Thursday, 12 January 2017, 11:13 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Sébastien Luttringer (seblu)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

RunC allowed additional container processes via `runc exec` to be ptraced
by the pid 1 of the container. This allows the main processes of the
container, if running as root, to gain access to file-descriptors of these
new processes during the initialization and can lead to container escapes
or modification of runC state before the process is fully placed inside the
container.

Reference: http://seclists.org/oss-sec/2017/q1/54

Fix is here: https://github.com/docker/docker/tree/v1.12.6
This task depends upon

Closed by  Sébastien Luttringer (seblu)
Thursday, 12 January 2017, 11:13 GMT
Reason for closing:  Fixed
Additional comments about closing:  1:1.12.6-1

Loading...