| Summary: | <app-emulation/docker-1.11.0: privilege escalation via confusion of usernames and UIDs (CVE-2016-3697) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | admwiggin, williamh, xarthisius |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1329450 | | |
| Whiteboard: | B1 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-04-26 08:59:19 UTC
This was fixed in https://github.com/opencontainers/runc/pull/708, which was included in runc 0.1.0+ (and thus at least Docker 1.11+).

Arches please stabilize:

=app-emulation/docker-1.11.0 ~amd64
=app-emulation/runc-0.1.0 ~amd64
=app-emulation/containerd-0.2.0 ~amd64
=dev-go/go-md2man-1.0.3 ~amd64
=dev-go/blackfriday-1.2_p20150720 ~amd64
=dev-go/sanitized-anchor-name-0_pre20151027 ~amd64

amd64 stable.

Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

```
commit 62fb332f629ff9b965c80ce4df6a3f0d03c282eb
Author: Kacper Kowalik <xarthisius@gentoo.org>
Date:   Wed Apr 27 10:19:29 2016 -0500

    app-emulation/docker: Drop vulnerable versions wrt bug 581236

    Package-Manager: portage-2.2.27
```

*** Bug 580650 has been marked as a duplicate of this bug. ***

CVE-2016-3697 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3697): libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

@security:
Should I fast stable 1.12.0?

(In reply to William Hubbs from comment #7)
> @security:
> Should I fast stable 1.12.0?

No, it's fixed in 1.11 which *is* stable.

This issue was resolved and addressed in GLSA 201612-28 at https://security.gentoo.org/glsa/201612-28 by GLSA coordinator Kristian Fiskerstrand (K_F).
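The CVE entry quoted in this bug describes the defect in one sentence; the Go program below is an added illustration, not runc's code, that models the pre-fix and post-fix user lookup rules over a constructed passwd file. The `samplePasswd` content, its planted entry named "1000", and both lookup functions are assumptions of this example, written to show why a numeric argument must be treated as a UID before any name comparison happens.

```go
package main

import (
	"strconv"
	"strings"
)

// Constructed passwd. Line 2 has the *name* "1000" but UID 0: a planted entry
// of the kind the CVE describes. This model takes the first matching line.
const samplePasswd = `root:x:0:0:root:/root:/bin/sh
1000:x:0:0:planted:/root:/bin/sh
app:x:1000:1000:app:/home/app:/bin/sh`

// parsePasswd splits each well-formed line into fields (0 = name, 2 = UID).
func parsePasswd(data string) [][]string {
	var out [][]string
	for _, line := range strings.Split(data, "\n") {
		if f := strings.Split(line, ":"); len(f) >= 3 {
			out = append(out, f)
		}
	}
	return out
}

// lookupVulnerable: pre-fix rule, match on name OR UID column, so a
// digit-string name captures a numeric argument ("1000" -> UID 0 here).
func lookupVulnerable(entries [][]string, arg string) (uid int, ok bool) {
	for _, e := range entries {
		if e[0] == arg || e[2] == arg {
			n, err := strconv.Atoi(e[2])
			return n, err == nil
		}
	}
	return -1, false
}

// lookupFixed: post-fix rule, a numeric argument is a UID and is never
// compared against names; only non-numeric arguments use the name column.
func lookupFixed(entries [][]string, arg string) (uid int, ok bool) {
	if n, err := strconv.Atoi(arg); err == nil {
		return n, true
	}
	for _, e := range entries {
		if e[0] == arg {
			n, err := strconv.Atoi(e[2])
			return n, err == nil
		}
	}
	return -1, false
}
```

Resolving "1000" under the vulnerable rule yields UID 0 because the planted line's name matches first, while the fixed rule yields UID 1000; a maintainer verifying a backport can reproduce exactly this difference against a container's /etc/passwd.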