Re: [oss-security] Docker 1.12.6 - Security Advisory

From: Andreas Stieger <astieger@suse.com>
To: oss-security@lists.openwall.com
Cc: docker-user@googlegroups.com,docker-dev@googlegroups.com,fulldisclosure@seclists.org,vuln@secunia.com,bugtraq@securityfocus.com
Subject: Re: [oss-security] Docker 1.12.6 - Security Advisory
Date:



On 01/11/2017 03:29 AM, Kurt Seifried wrote:
> On Tue, Jan 10, 2017 at 6:58 PM, Nathan McCauley <nathan.mccauley@docker.com
>> [CVE-2016-9962] Insecure opening of file-descriptor allows privilege
>> escalation
>>
>> [...]
>> Credit for this discovery goes to Aleksa Sarai from SUSE and Tõnis Tiigi
>> from Docker.
> Can you post a link to a patch for this issue, or to a bug entry with
> additional details, or the download site at a minimum? Thanks!

https://bugzilla.suse.com/show_bug.cgi?id=1012568
https://github.com/docker/docker/compare/v1.12.5...v1.12.6
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5

Andreas

-- 
Andreas Stieger <astieger@suse.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)






Copyright © 1995-2018 LinuxRocket.net. All rights reserved.