Summary: | <app-emulation/runc-1.0.0_rc10: Incorrect Access Control leading to Escalation of Privileges (CVE-2019-19921) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | williamh |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=903079 | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
filip ambroz
2020-02-13 09:19:17 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=597d7bc5fd67c1bece5dcf1f1f09a9e88bd3bc50 commit 597d7bc5fd67c1bece5dcf1f1f09a9e88bd3bc50 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2020-03-14 22:40:03 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2020-03-14 22:48:57 +0000 app-emulation/runc: stable 1.0.0_rc10 on amd64 Bug: https://bugs.gentoo.org/709456 Signed-off-by: William Hubbs <williamh@gentoo.org> app-emulation/runc/runc-1.0.0_rc10.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f21e4f1e09cb1c957781841a6ff90dae3494025 commit 2f21e4f1e09cb1c957781841a6ff90dae3494025 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2020-03-14 22:51:41 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2020-03-14 22:51:41 +0000 app-emulation/runc: remove vulnerable versions Bug: https://bugs.gentoo.org/709456 Bug: https://bugs.gentoo.org/711182 Signed-off-by: William Hubbs <williamh@gentoo.org> app-emulation/runc/runc-1.0.0_rc8.ebuild | 63 -------------------------------- app-emulation/runc/runc-1.0.0_rc9.ebuild | 63 -------------------------------- 2 files changed, 126 deletions(-) Added to an existing GLSA. This issue was resolved and addressed in GLSA 202003-21 at https://security.gentoo.org/glsa/202003-21 by GLSA coordinator Thomas Deutschmann (whissi). |