(RHSA-2016:2634) Moderate: docker security and bug fix update

2016-11-03T20:46:17
ID RHSA-2016:2634
Type redhat
Reporter RedHat
Modified 2016-11-03T20:47:12

Description

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.

Security Fix(es):

  • It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container. (CVE-2016-3697)

This issue was discovered by Mrunal Patel (Red Hat).

Bug Fix(es):

  • This update also provides various bug fixes and enhancements. Users are advised to upgrade to these updated packages.