Ausführen von Code mit höheren Privilegien in runc
ID: | FEDORA-2017-0200646669 |
Distribution: | Fedora |
Plattformen: | Fedora 25 |
Datum: | Do, 19. Januar 2017, 07:41 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962
https://bugzilla.redhat.com/show_bug.cgi?id=1342707 |
Applikationen: | runc |
Originalnachricht |
|
Name : runc Product : Fedora 25 Version : 1.0.0 Release : 3.rc2.gitc91b5be.fc25 URL : https://github.com/opencontainers/runc Summary : CLI for running Open Containers Description : The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. -------------------------------------------------------------------------------- Update Information: Resolves: #1412238 - *CVE-2016-9962* - set init processes as non-dumpable, ---- patch to enable seccomp ---- bump to 1.0.0 rc2 ---- Resolves: #1342707 - bump to v1.0.0-rc1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1412238 - CVE-2016-9962 runc: docker: insecure opening of file-descriptor allows privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1412238 [ 2 ] Bug #1342707 - runc-v1.0.0-rc1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1342707 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade runc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |