Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:1159-1

Опубликовано: 26 апр. 2016
Источник: suse-cvrf

Описание

Security update for docker

docker was updated to fix one security issue.

This security issue was fixed:

  • CVE-2016-3697: Potential privilege escalation via confusion of usernames and UIDs (bsc#976777).

Список пакетов

SUSE Linux Enterprise Module for Containers 12
docker-1.10.3-66.1
SUSE OpenStack Cloud 6
docker-1.10.3-66.1

Ссылки

Описание

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

Затронутые продукты
SUSE Linux Enterprise Module for Containers 12:docker-1.10.3-66.1
SUSE OpenStack Cloud 6:docker-1.10.3-66.1
Ссылки