Описание
ELSA-2016-3568: docker-engine security update (IMPORTANT)
[1.10.3-1.0.3]
- CVE-2016-3697: docker: Potential privilege escalation via confusion of usernames and UIDs [orabug 23279003]
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
docker-engine
1.10.3-1.0.3.el6
Oracle Linux 7
Oracle Linux x86_64
docker-engine
1.10.3-1.0.3.el7
docker-engine-selinux
1.10.3-1.0.3.el7
Связанные CVE
Связанные уязвимости
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
libcontainer/user/user.go in runC before 0.1.0, as used in Docker befo ...