ALT-BU-2019-3490-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-7443
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html
- https://bugzilla.suse.com/show_bug.cgi?id=1124863
- https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/
Closed vulnerabilities
BDU:2019-00826
Vulnerability in runc, a tool for running isolated containers, related to file descriptor handling errors, allowing an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
- openSUSE-SU-2019:1079
- openSUSE-SU-2019:1227
- openSUSE-SU-2019:1275
- openSUSE-SU-2019:1444
- openSUSE-SU-2019:1481
- openSUSE-SU-2019:1499
- openSUSE-SU-2019:1506
- openSUSE-SU-2019:2021
- openSUSE-SU-2019:2245
- openSUSE-SU-2019:2286
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
- [oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- [oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack
- 106976
- RHSA-2019:0303
- RHSA-2019:0304
- RHSA-2019:0401
- RHSA-2019:0408
- RHSA-2019:0975
- https://access.redhat.com/security/cve/cve-2019-5736
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/q3k/cve-2019-5736-poc
- https://github.com/rancher/runc-cve
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- [dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736
- [mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736
- [dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736
- [mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- FEDORA-2019-c1dac1b3b8
- FEDORA-2019-2baa1f7b19
- FEDORA-2019-6174b47003
- FEDORA-2019-bc70b381ad
- GLSA-202003-21
- https://security.netapp.com/advisory/ntap-20190307-0008/
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- USN-4048-1
- 46359
- 46369
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
Package containerd updated to version 1.2.3-alt1 for branch sisyphus in task 221399.
Closed vulnerabilities
BDU:2019-00826
Vulnerability in runc, a tool for running isolated containers, related to file descriptor handling errors, allowing an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
- openSUSE-SU-2019:1079
- openSUSE-SU-2019:1227
- openSUSE-SU-2019:1275
- openSUSE-SU-2019:1444
- openSUSE-SU-2019:1481
- openSUSE-SU-2019:1499
- openSUSE-SU-2019:1506
- openSUSE-SU-2019:2021
- openSUSE-SU-2019:2245
- openSUSE-SU-2019:2286
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
- [oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- [oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack
- 106976
- RHSA-2019:0303
- RHSA-2019:0304
- RHSA-2019:0401
- RHSA-2019:0408
- RHSA-2019:0975
- https://access.redhat.com/security/cve/cve-2019-5736
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/q3k/cve-2019-5736-poc
- https://github.com/rancher/runc-cve
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- [dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736
- [mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736
- [dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736
- [mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- FEDORA-2019-c1dac1b3b8
- FEDORA-2019-2baa1f7b19
- FEDORA-2019-6174b47003
- FEDORA-2019-bc70b381ad
- GLSA-202003-21
- https://security.netapp.com/advisory/ntap-20190307-0008/
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- USN-4048-1
- 46359
- 46369
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
Package kernel-image-mp updated to version 4.20.8-alt1 for branch sisyphus in task 221429.
Closed vulnerabilities
BDU:2019-01183
Vulnerability in the SCTP protocol implementation of the Linux kernel, allowing an attacker to cause a denial of service or escalate privileges
BDU:2019-01346
Vulnerability in the kvm_ioctl_create_device function of the Linux kernel, allowing an attacker to cause a denial of service
BDU:2019-01352
Vulnerability in the Kernel-based Virtual Machine (KVM) virtualization subsystem of the Linux kernel, allowing an attacker to cause a denial of service or execute arbitrary code
BDU:2019-01406
Vulnerability in the IPMI platform management interface driver of the Linux kernel, allowing an attacker to cause a denial of service
BDU:2019-02381
Vulnerability in the Linux kernel related to a pointer offset beyond the permitted range, allowing an attacker to carry out side-channel attacks
BDU:2019-03996
Vulnerability in the Linux kernel related to missing protection of service data, allowing an attacker to disclose protected information
Modified: 2024-11-21
CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
- 107127
- RHBA-2019:0959
- RHSA-2019:0818
- RHSA-2019:0833
- RHSA-2019:2809
- RHSA-2019:3967
- RHSA-2020:0103
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- https://support.f5.com/csp/article/K11186236
- https://support.f5.com/csp/article/K11186236?utm_source=f5support&%3Butm_medium=RSS
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- USN-3933-1
- USN-3933-2
- 46388
Modified: 2024-11-21
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
- SUSE-SA-2019:0203-1
- http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html
- http://www.openwall.com/lists/oss-security/2019/02/18/2
- RHBA-2019:0959
- RHSA-2019:0818
- RHSA-2019:0833
- RHSA-2019:3967
- RHSA-2019:4058
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- FEDORA-2019-164946aa7f
- FEDORA-2019-3da64f3e61
- https://security.netapp.com/advisory/ntap-20190404-0002/
- https://support.f5.com/csp/article/K08413011
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
Modified: 2024-11-21
CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
- SUSE-SA-2019:0203-1
- http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html
- [oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)
- 106963
- RHSA-2019:2029
- RHSA-2019:2043
- RHSA-2019:3309
- RHSA-2019:3517
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- FEDORA-2019-164946aa7f
- FEDORA-2019-3da64f3e61
- https://security.netapp.com/advisory/ntap-20190404-0002/
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- USN-3933-1
- USN-3933-2
Modified: 2024-11-21
CVE-2019-7308
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda
- openSUSE-SU-2019:1193
- 106827
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6
- https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
- https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda
- https://support.f5.com/csp/article/K43030517
- https://support.f5.com/csp/article/K43030517?utm_source=f5support&%3Butm_medium=RSS
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
Modified: 2024-11-21
CVE-2019-8956
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0
- https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/
- https://support.f5.com/csp/article/K12671141
- USN-3930-1
- USN-3930-2
Modified: 2024-11-21
CVE-2019-9003
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8
- openSUSE-SU-2019:1404
- 107145
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5
- https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8
- https://security.netapp.com/advisory/ntap-20190327-0002/
- USN-3930-1
- USN-3930-2
Package docs-alt-education updated to version 8.2-alt5 for branch sisyphus in task 221454.
Closed bugs
Add a section on installing Microsoft fonts in Alt Education 8
Closed vulnerabilities
BDU:2019-00826
Vulnerability in runc, a tool for running isolated containers, related to file descriptor handling errors, allowing an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
- openSUSE-SU-2019:1079
- openSUSE-SU-2019:1227
- openSUSE-SU-2019:1275
- openSUSE-SU-2019:1444
- openSUSE-SU-2019:1481
- openSUSE-SU-2019:1499
- openSUSE-SU-2019:1506
- openSUSE-SU-2019:2021
- openSUSE-SU-2019:2245
- openSUSE-SU-2019:2286
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
- [oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- [oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack
- [oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack
- 106976
- RHSA-2019:0303
- RHSA-2019:0304
- RHSA-2019:0401
- RHSA-2019:0408
- RHSA-2019:0975
- https://access.redhat.com/security/cve/cve-2019-5736
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/q3k/cve-2019-5736-poc
- https://github.com/rancher/runc-cve
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- [dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736
- [mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736
- [dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736
- [mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
- [dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- FEDORA-2019-c1dac1b3b8
- FEDORA-2019-2baa1f7b19
- FEDORA-2019-6174b47003
- FEDORA-2019-bc70b381ad
- GLSA-202003-21
- https://security.netapp.com/advisory/ntap-20190307-0008/
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- USN-4048-1
- 46359
- 46369
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
Closed bugs
File conflict with pear-XML_Util