Описание
Security update for docker-runc
This update for docker-runc fixes the following issues:
- CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452).
Список пакетов
Image SLES15-OCI-BYOS
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SAP-OCI-BYOS
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP1-OCI-BYOS
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP1-SAP-OCI-BYOS
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP2-Azure-Basic
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP2-Azure-Standard
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP2-EC2-ECS-HVM
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP2-GCE
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP2-HPC-Azure
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
SUSE Linux Enterprise Module for Containers 15 SP1
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Ссылки
- Link for SUSE-SU-2020:0375-1
- E-Mail link for SUSE-SU-2020:0375-1
- SUSE Security Ratings
- SUSE Bug 1160452
- SUSE CVE CVE-2019-19921 page
Описание
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Затронутые продукты
Image SLES15-OCI-BYOS:docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SAP-OCI-BYOS:docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP1-OCI-BYOS:docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Image SLES15-SP1-SAP-OCI-BYOS:docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.32.1
Ссылки
- CVE-2019-19921
- SUSE Bug 1160452
- SUSE Bug 1208962