CVE-2016-3697

Priority
Description
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before
1.11.2, improperly treats a numeric UID as a potential username, which
allows local users to gain privileges via a numeric username in the
password file in a container.
Notes
leosilvadebian claims that the code is not present in docker.io.
in all the case runc is not affected anyway.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Source: runc (LP Ubuntu Debian)
Upstream:released (0.1.0+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.0.0~rc2+docker1.12.6-0ubuntu1~16.04.1)
More Information

Updated: 2020-09-10 05:10:15 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)