type: security
subject: Updated opencontainers-runc packages fix security vulnerability
CVE:
  - CVE-2019-5736
src:
  6:
    core:
      - opencontainers-runc-1.0.0rc5-3.2.mga6
description: |
  Not using pivot_root(2) leaves the host /proc around in the mount namespace,
  so that it is possible to mount another /proc without any other submount,
  even if /proc in the container is not fully visible. This flaw allows an
  attacker to read and modify some parts of the Linux kernel memory
  (rhbz#1663068).

  runc through 1.0-rc6 allows attackers to overwrite the host runc binary
  (and consequently obtain host root access) by leveraging the ability to
  execute a command as root within one of these types of containers: a new
  container with an attacker-controlled image, or an existing container, to
  which the attacker previously had write access, that can be attached with
  docker exec. This occurs because of file-descriptor mishandling, related
  to /proc/self/exe (CVE-2019-5736).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24253
  - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SMFQ54VEZPJT4H2C2TBILCPDX2VMAIZ2/
  - https://www.openwall.com/lists/oss-security/2019/02/11/2
ID: MGASA-2019-0068