32 matches found
SUSE CVE-2020-14300
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in...
Mageia: Security Advisory (MGASA-2017-0189)
The remote host is missing an update for the...
CVE-2020-14300
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in...
Code injection
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in...
CVE-2020-14300
CVE-2020-14300 affects Red Hat Enterprise Linux 7 Extras Docker packaging (docker-1.13.1-108.git4ef4b30.el7). The issue arises from an incorrect runc version in that package, regressing the fix for CVE-2016-9962 and potentially allowing a process inside a container to escape the container namespa...
RHEL 7 : docker (RHSA-2020:2653)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2653 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that...
docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2016-9962, which was previously fixed via RHSA-2017:0116. This issue could allow a malicious or compromised container to compromise the...
Important: Red Hat Security Advisory: docker security update
An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
CVE-2020-14300
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2016-9962, which was previously fixed via RHSA-2017:0116. This issue could allow a malicious or compromised container to compromise the...
Security Bulletin: Vulnerabilities in docker affect PowerKVM
Summary: PowerKVM is affected by vulnerabilities in docker. IBM has now addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2017-14992. DESCRIPTION: Docker-CE (also known as Moby) is vulnerable to a denial of service, caused by the lack of content verification. By using a...
[ASA-201805-11] runc: privilege escalation
Arch Linux Security Advisory ASA-201805-11. Severity: High. Date: 2018-05-16. CVE-ID: CVE-2016-9962. Package: runc. Type: privilege escalation. Remote: No. Link: https://security.archlinux.org/AVG-134. Summary: The package runc before version...
Fedora Update for runc FEDORA-2017-20cdb2063a
The remote host is missing an update for the...
SUSE-SU-2017:1964-1 Security update for containerd, docker, runc
This update for containerd, docker (to 1.12.6) and runc fixes the two issues. This security issue was fixed: CVE-2016-9962: A difficult to exploit race condition caused by passing a file descriptor from the host's filesystem into the container could have allowed the guest to escape (bsc#1012568). Fo...
openSUSE Security Update : containerd / docker / runc (openSUSE-2017-181)
This update for containerd, docker (to version 1.12.6) and runc fixes several issues. This security issue was fixed: CVE-2016-9962: container escape vulnerability (bsc#1012568). These non-security issues were fixed: boo#1019251: Add a delay when starting docker service - Fixed...
CVE-2016-9962
The CVE-2016-9962 issue affects RunC (runc) where the runc exec feature allowed additional container processes to be ptraced by the container’s pid 1. Under root, this enabled access to the new processes’ file descriptors during initialization, creating the possibility of container escape or modi...
Security fix for the ALT Linux 10 package runc version 1.0.0-alt2.gitc91b5be
Jan. 23, 2017 Vladimir Didenko 1.0.0-alt2.gitc91b5be - New version. - Fixes CVE-2016-9962...
Security fix for the ALT Linux 8 package runc version 1.0.0-alt2.gitc91b5be
Jan. 23, 2017 Vladimir Didenko 1.0.0-alt2.gitc91b5be - New version. - Fixes CVE-2016-9962...
Fedora 24 : 2:docker-latest (2017-c2c2d1be16)
Fix CVE-2016-9962 - Insecure opening of file-descriptor allows privilege escalation ---- built docker @projectatomic/docker-1.12 commit 6009905 ---- built docker @projectatomic/docker-1.12 commit 97974ae ---- built docker @projectatomic/docker-1.12 commit 7b5044b Note that Tenable Network Securit...
Fedora Update for docker-latest FEDORA-2017-c2c2d1be16
The remote host is missing an update for the...
Fedora 25 : 1:runc (2017-0200646669)
Resolves: 1412238 - CVE-2016-9962 - set init processes as non-dumpable, ---- patch to enable seccomp ---- bump to 1.0.0 rc2 ---- Resolves: 1342707 - bump to v1.0.0-rc1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...