vulnerability
CentOS Linux: CVE-2019-5736: Important: runc security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | 2019-02-11 | 2019-08-28 | 2023-05-25 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
2019-02-11
Added
2019-08-28
Modified
2023-05-25
Description
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Solution(s)
centos-upgrade-buildahcentos-upgrade-buildah-debuginfocentos-upgrade-buildah-debugsourcecentos-upgrade-container-selinuxcentos-upgrade-containernetworking-pluginscentos-upgrade-containernetworking-plugins-debuginfocentos-upgrade-containernetworking-plugins-debugsourcecentos-upgrade-containers-commoncentos-upgrade-dockercentos-upgrade-docker-clientcentos-upgrade-docker-commoncentos-upgrade-docker-debuginfocentos-upgrade-docker-logrotatecentos-upgrade-docker-lvm-plugincentos-upgrade-docker-novolume-plugincentos-upgrade-docker-rhel-push-plugincentos-upgrade-docker-v1-10-migratorcentos-upgrade-fuse-overlayfscentos-upgrade-fuse-overlayfs-debuginfocentos-upgrade-fuse-overlayfs-debugsourcecentos-upgrade-oci-systemd-hookcentos-upgrade-oci-systemd-hook-debuginfocentos-upgrade-oci-systemd-hook-debugsourcecentos-upgrade-oci-umountcentos-upgrade-oci-umount-debuginfocentos-upgrade-oci-umount-debugsourcecentos-upgrade-podmancentos-upgrade-podman-debuginfocentos-upgrade-podman-debugsourcecentos-upgrade-podman-dockercentos-upgrade-runccentos-upgrade-runc-debuginfocentos-upgrade-runc-debugsourcecentos-upgrade-skopeocentos-upgrade-skopeo-debuginfocentos-upgrade-skopeo-debugsourcecentos-upgrade-slirp4netnscentos-upgrade-slirp4netns-debuginfocentos-upgrade-slirp4netns-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.