Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 677744 (CVE-2019-5736)

Summary: <app-emulation/runc-1.0.0_rc7: execution of malicious containers allows for container escape and access to host filesystem (CVE-2019-5736)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mrueg, williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa+ cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-02-11 19:31:33 UTC 
CVE-2019-5736 (https://nvd.nist.gov/vuln/detail/CVE-2019-5736):
  runc: Execution of malicious containers allows for container escape and
  access to host filesystem
Comment 1 William Hubbs gentoo-dev 2020-03-14 22:30:27 UTC 
I've been advised that this was fixed in -rc7 which is no longer in the
tree.
This can probably be closed since a newer version is stable.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-15 04:14:49 UTC 
New GLSA request filed.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2020-03-15 04:28:24 UTC 
This issue was resolved and addressed in
 GLSA 202003-21 at https://security.gentoo.org/glsa/202003-21
by GLSA coordinator Thomas Deutschmann (whissi).