openSUSE-SU-2020:0219-1

Опубликовано: 13 фев. 2020

Источник: suse-cvrf

Описание

Security update for docker-runc

This update for docker-runc fixes the following issues:

CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-lp151.3.15.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HVIKLZGRTAEX4OALOIIAPGKXT3EJBHA/
E-Mail link for openSUSE-SU-2020:0219-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1160452
SUSE Bug 1160452
https://www.suse.com/security/cve/CVE-2019-19921/
SUSE CVE CVE-2019-19921 page

Описание

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Затронутые продукты

openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-lp151.3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-19921.html
CVE-2019-19921
https://bugzilla.suse.com/1160452
SUSE Bug 1160452
https://bugzilla.suse.com/1208962
SUSE Bug 1208962

openSUSE-SU-2020:0219-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-19921

Описание

Затронутые продукты

Ссылки