CVE-2016-9962
Published: 31 January 2017
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
Priority
CVSS 3 base score: 6.4
Status
Package | Release | Status |
---|---|---|
docker.io | artful | Released (1.13.1-0ubuntu4) |
docker.io | bionic | Released (1.13.1-0ubuntu4) |
docker.io | cosmic | Released (1.13.1-0ubuntu4) |
docker.io | disco | Released (1.13.1-0ubuntu4) |
docker.io | precise | Does not exist |
docker.io | trusty | Does not exist (trusty was deferred) |
docker.io | upstream | Released (1.13.1) |
docker.io | xenial | Released (1.13.1-0ubuntu1~16.04.1) |
docker.io | yakkety | Ignored (reached end-of-life) |
docker.io | zesty | Released (1.13.1-0ubuntu1~17.04.1) |
runc | artful | Released (1.0.0~rc2+docker1.13.1-0ubuntu1) |
runc | bionic | Released (1.0.0~rc2+docker1.13.1-0ubuntu1) |
runc | cosmic | Released (1.0.0~rc2+docker1.13.1-0ubuntu1) |
runc | disco | Released (1.0.0~rc2+docker1.13.1-0ubuntu1) |
runc | precise | Does not exist |
runc | trusty | Does not exist |
runc | upstream | Released (0.1.1) |
runc | xenial | Not vulnerable (1.0.0~rc2+docker1.12.6-0ubuntu1~16.04.1) |
runc | yakkety | Ignored (reached end-of-life) |
runc | zesty | Released (1.0.0~rc2+docker1.12.6-0ubuntu1) |