CVE-2019-5736

Priority
Description
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products,
allows attackers to overwrite the host runc binary (and consequently obtain
host root access) by leveraging the ability to execute a command as root
within one of these types of containers: (1) a new container with an
attacker-controlled image, or (2) an existing container, to which the
attacker previously had write access, that can be attached with docker
exec. This occurs because of file-descriptor mishandling, related to
/proc/self/exe.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): released (18.06.1-0ubuntu1.2~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (18.06.1-0ubuntu1.2~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish): released (8.06.1-0ubuntu1.2)
Ubuntu 19.04 (Disco Dingo): needed
Package
Source: runc
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1.0.0~rc2+docker1.13.1-0ubuntu1~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (1.0.0~rc4+dfsg1-6ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish): released (1.0.0~rc4+dfsg1-6ubuntu0.18.10.1)
Ubuntu 19.04 (Disco Dingo): needed
Updated: 2019-03-26 11:31:10 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)