lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANO=Ty3C4kfhp=A6zQksNzmNRgUBpUk4M__mhkcez=_RA8_Dew@mail.gmail.com>
Date: Tue, 10 Jan 2017 19:29:40 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: fulldisclosure@...lists.org, docker-user@...glegroups.com,
 docker-dev@...glegroups.com, bugtraq@...urityfocus.com
Subject: Re: [FD] [oss-security] Docker 1.12.6 - Security Advisory

Can you post a link to a patch for this issue, or to a bug entry with
additional details, or the download site at a minimum? Thanks!

On Tue, Jan 10, 2017 at 6:58 PM, Nathan McCauley <nathan.mccauley@...ker.com
> wrote:

> Docker Engine version 1.12.6 has been released to address a vulnerability
> and is immediately available for all supported platforms. Users are advised
> to upgrade existing installations of the Docker Engine and use 1.12.6 for
> new installations.
>
> Please send any questions to security@...ker.com.
>
>
> ==============================================================
> [CVE-2016-9962] Insecure opening of file-descriptor allows privilege
> escalation
>
> ==============================================================
>
> RunC allowed additional container processes via `runc exec` to be ptraced
> by the pid 1 of the container.  This allows the main processes of the
> container, if running as root, to gain access to file-descriptors of these
> new processes during the initialization and can lead to container escapes
> or modification of runC state before the process is fully placed inside the
> container
>
>
> Credit for this discovery goes to Aleksa Sarai from SUSE and Tõnis Tiigi
> from Docker.
>



-- 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ