(RHSA-2016:2634) Moderate: docker security and bug fix update

2016-11-0316:46:17

access.redhat.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.

Security Fix(es):

It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container. (CVE-2016-3697)

This issue was discovered by Mrunal Patel (Red Hat).

Bug Fix(es):

This update also provides various bug fixes and enhancements. Users are advised to upgrade to these updated packages.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64docker-lvm-plugin< 1.10.3-57.el7docker-lvm-plugin-1.10.3-57.el7.x86_64.rpm
RedHat7x86_64docker-common< 1.10.3-57.el7docker-common-1.10.3-57.el7.x86_64.rpm
RedHat7x86_64docker-v1.10-migrator< 1.10.3-57.el7docker-v1.10-migrator-1.10.3-57.el7.x86_64.rpm
RedHat7x86_64docker-novolume-plugin< 1.10.3-57.el7docker-novolume-plugin-1.10.3-57.el7.x86_64.rpm
RedHat7x86_64docker-selinux< 1.10.3-57.el7docker-selinux-1.10.3-57.el7.x86_64.rpm
RedHat7x86_64docker-rhel-push-plugin< 1.10.3-57.el7docker-rhel-push-plugin-1.10.3-57.el7.x86_64.rpm
RedHat7x86_64docker-logrotate< 1.10.3-57.el7docker-logrotate-1.10.3-57.el7.x86_64.rpm
RedHat7x86_64docker< 1.10.3-57.el7docker-1.10.3-57.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	docker-lvm-plugin	< 1.10.3-57.el7	docker-lvm-plugin-1.10.3-57.el7.x86_64.rpm
RedHat	7	x86_64	docker-common	< 1.10.3-57.el7	docker-common-1.10.3-57.el7.x86_64.rpm
RedHat	7	x86_64	docker-v1.10-migrator	< 1.10.3-57.el7	docker-v1.10-migrator-1.10.3-57.el7.x86_64.rpm
RedHat	7	x86_64	docker-novolume-plugin	< 1.10.3-57.el7	docker-novolume-plugin-1.10.3-57.el7.x86_64.rpm
RedHat	7	x86_64	docker-selinux	< 1.10.3-57.el7	docker-selinux-1.10.3-57.el7.x86_64.rpm
RedHat	7	x86_64	docker-rhel-push-plugin	< 1.10.3-57.el7	docker-rhel-push-plugin-1.10.3-57.el7.x86_64.rpm
RedHat	7	x86_64	docker-logrotate	< 1.10.3-57.el7	docker-logrotate-1.10.3-57.el7.x86_64.rpm
RedHat	7	x86_64	docker	< 1.10.3-57.el7	docker-1.10.3-57.el7.x86_64.rpm