677744 – (CVE-2019-5736) <app-emulation/runc-1.0.0_rc7: execution of malicious containers allows for container escape and access to host filesystem (CVE-2019-5736)

Bug 677744 (CVE-2019-5736) - <app-emulation/runc-1.0.0_rc7: execution of malicious containers allows for container escape and access to host filesystem (CVE-2019-5736)

Summary: <app-emulation/runc-1.0.0_rc7: execution of malicious containers allows for c...

Status:	RESOLVED FIXED

Alias:	CVE-2019-5736

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa+ cve]
Keywords:

Depends on:
Blocks:

Reported:	2019-02-11 19:31 UTC by GLSAMaker/CVETool Bot
Modified:	2020-03-15 04:28 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2019-02-11 19:31:33 UTC

CVE-2019-5736 (https://nvd.nist.gov/vuln/detail/CVE-2019-5736):
  runc: Execution of malicious containers allows for container escape and
  access to host filesystem

Comment 1 William Hubbs gentoo-dev

2020-03-14 22:30:27 UTC

I've been advised that this was fixed in -rc7 which is no longer in the
tree.
This can probably be closed since a newer version is stable.

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2020-03-15 04:14:49 UTC

New GLSA request filed.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2020-03-15 04:28:24 UTC

This issue was resolved and addressed in
 GLSA 202003-21 at https://security.gentoo.org/glsa/202003-21
by GLSA coordinator Thomas Deutschmann (whissi).