openSUSE Security Update : containerd / docker / runc (openSUSE-2017-181)

This update for - containerd, - docker to version 1.12.6 and - runc fixes several issues. This security issues was fixed : - CVE-2016-9962: container escape vulnerability bsc1012568. Thsese non-security issues were fixed : - boo1019251: Add a delay when starting docker service - Fixed...

OWASP Security Knowledge Framework - An expert system application that uses OWASP Application Security Verification Standard

Security Knowledge Framework is an expert system application that uses OWASP Application Security Verification Standard, code examples, helps developers in pre-development and post-development. Introduction Our experience taught us that the current level of security the current web-applications...

OWASP Security Shepherd - Web And Mobile Application Security Training Platform

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...

passfault - OWASP Passfault evaluates passwords and enforces password policy in a completely different way

Objective: Do Passwords Better! Running the Command-line Interface: 1. install java 2. cd core 3. gradlew installDist 4. run build/install/core/bin/core Running the jsonWebService: 1. cd jsonService 2. gradlew build jettyRunWar 3. browse to localhost:8080/jsonService Note the war will be located ...

Fedora 24 : 2:docker-latest (2017-c2c2d1be16)

Fix CVE-2016-9962 - Insecure opening of file-descriptor allows privilege escalation ---- built docker @projectatomic/docker-1.12 commit 6009905 ---- built docker @projectatomic/docker-1.12 commit 97974ae ---- built docker @projectatomic/docker-1.12 commit 7b5044b Note that Tenable Network Securit...

Fedora Update for docker-latest FEDORA-2017-c2c2d1be16

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 24 Update: docker-latest-1.12.6-1.git51ef5a8.fc24

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

Docker Local Elevation of Privilege Vulnerability (CNVD-2017-00924)

Docker is an open source application container engine from Docker Inc. in the United States, which supports the creation of a container lightweight virtual machine and deployment and running applications on Linux systems, as well as automated installation, deployment and upgrading of applications...

Glue - Application Security Automation

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools. Recommended Usage For those wishing to run Glue, we recommend using the docker image because it should have the other tools it uses available already an...

Docker Compliance Check: Skipped

Lists all the Docker Compliance Policy Checks errors. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Docker Compliance Check: Error

Lists all the Docker Compliance Policy Checks errors. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Docker Compliance Check: Failed

Lists all the Docker Compliance Policy Checks which did NOT pass. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Docker Compliance Check

Runs the Docker Compliance Check. These tests are inspired by the CIS Docker Benchmark. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

Docker Compliance Check: Passed

Lists all the Docker Compliance Policy Checks which did pass. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

Docker Patches Privilege Escalation Vulnerability

Docker has patched a privilege escalation vulnerability CVE-2016-9962 that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container. The vulnerability is rated high severity by some Linux distributions such as Arch Linux, which traces the problem t...

RHEL 7 : docker-latest (RHSA-2017:0123)

An update for docker-latest is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 7 : docker (RHSA-2017:0116)

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 7 : runc (RHSA-2017:0127)

An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Oracle Linux 6 / 7 : docker-engine / docker-engine-selinux (ELSA-2017-3511)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3511 advisory. - Fix runC privilege escalation CVE-2016-9962 - Fix ambient capability usage in containers CVE-2016-8867 27610 Tenable has extracted the preceding descripti...

docker: insecure opening of file-descriptor allows privilege escalation

The runc component used by docker exec feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can,...