CVE-2019-16884

Priority
Description
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other
products, allows AppArmor restriction bypass because
libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a
malicious Docker image can mount over a /proc directory.
Ubuntu-Description
It was discovered that runC incorrectly implemented AppArmor restrictions. An
attacker could possibly use this issue to mount malicious images.
Notes
Package
Source: runc (LP, Ubuntu, Debian)
Upstream: released (1.0.0~rc9)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): released (1.0.0~rc10-0ubuntu1~18.04.2)
Ubuntu 20.04 LTS (Focal Fossa): released (1.0.0~rc8+git20190923.3e425f80-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla): released (1.0.0~rc8+git20190923.3e425f80-0ubuntu1)
Patches:
Upstream: https://github.com/opencontainers/runc/commit/331692baa7afdf6c186f8667cb0e6362ea0802b3
More Information

Updated: 2020-07-28 18:55:36 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)