Описание
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
Отчет
The AppArmor security module is not supported by Red Hat, on the other hand the flaw also affects SELinux based distributions like Red Hat Enterprise Linux.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | container-tools:1.0/runc | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.9 | runc | Out of support scope | ||
| Red Hat Enterprise Linux 7 Extras | runc | Fixed | RHBA-2020:1232 | 01.04.2020 |
| Red Hat Enterprise Linux 7 Extras | docker | Fixed | RHSA-2020:1234 | 01.04.2020 |
| Red Hat Enterprise Linux 8 | container-tools | Fixed | RHSA-2019:4269 | 17.12.2019 |
| Red Hat OpenShift Container Platform 4.1 | runc | Fixed | RHSA-2019:3940 | 21.11.2019 |
| Red Hat OpenShift Container Platform 4.2 | runc | Fixed | RHSA-2019:4074 | 03.12.2019 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
6.5 Medium
CVSS3