On 30 January 2017 at 10:51, Thorsten Alteholz <deb...@alteholz.de> wrote:
> the following vulnerability was published for runc.
> | Docker Engine 1.12.2 enabled ambient capabilities with misconfigured
> | capability policies. This allowed malicious images to bypass user
> | permissions to access files within the container filesystem or mounted
> | volumes.
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

This one definitely doesn't apply to the runc 0.1.1 we have in Debian
-- the first "ambient capabilities" functionality added upstream was
in https://github.com/opencontainers/runc/pull/1086 (and several more
followed to tweak the behavior), but that wasn't included in a release
until 1.0.0-rc2. :)

(leaving the bug open since I don't want to mess up anything related
to the security tracker)

4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
Pkg-go-maintainers mailing list