BugTraq
Re: [oss-security] Docker 1.12.6 - Security Advisory Jan 11 2017 10:54AM
Andreas Stieger (astieger suse com)

On 01/11/2017 03:29 AM, Kurt Seifried wrote:
> On Tue, Jan 10, 2017 at 6:58 PM, Nathan McCauley <nathan.mccauley (at) docker (dot) com [email concealed]
>> [CVE-2016-9962] Insecure opening of file-descriptor allows privilege
>> escalation
>>
>> [...]
>> Credit for this discovery goes to Aleksa Sarai from SUSE and Tõnis Tiigi
>> from Docker.
> Can you post a link to a patch for this issue, or to a bug entry with
> additional details, or the download site at a minimum? Thanks!

https://bugzilla.suse.com/show_bug.cgi?id=1012568
https://github.com/docker/docker/compare/v1.12.5...v1.12.6
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830b
d3dacde268afe5

Andreas

--
Andreas Stieger <astieger (at) suse (dot) com [email concealed]>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEELRFTXKGyY4WwZ7oiLNapVeFZRUYFAlh2Dt8ACgkQLNapVeFZ
RUaflBAAqE/xpBMXQm+4vfGQj3k0WgBlOgRc9adZhk+D4lNL5QKT0iorX5Qn82Ru
tHakBBvRatBDAV9T4rt65jIVyGZTc/i4MewftxlNVZqLfpQRfh5gFE6aAtaRnCoC
u1W3EfqTezKKZeJ5BOR4As9mZEY3Svc4wzxsVPg+2Q+bLqINOg9CWAkJQryCboZi
2PtTcSLMfSoiWzMRlTguz4pzxQ12mrUpk4cowo96r8e6UX7iR5xsqD3bwsIes+rA
v2IfrWyqNMRcpHWydo6fbiNY9d+Zrd/fysFFKJLOawIT0el4JqU6CsobjbKx/JDd
B5ZnpU74C3K8t2V0t8WtaiE5dPQ7gnxyQIkFm8fkq6fIoBTgsDFbrKjgyvCUPsHD
Tkq8Kz1RyjG2XPGvW2tKXWqxCFR4YvCEkdNT3hRSMNq8EGMflZzjc3LfwI/TfK/k
PEmo3NyoDi/YFYuxX+AAwQje+GsiFqkqSWC/C/BOyjxWCJDIT5Mr0xS1wbQ9q7BX
N0qnNE4rySue85pnu9nY9eJ6Vv07nwZ3Pbl+SUXLN8aTiL39pbF1a/rU3AWDn1hR
wh9jmopeQbzUUOQnAQNaU7buBrZCBXD3lovcgfOx1H2U/JbkVhFFILTqt2Qfv+ws
lauTnDrrV7Ws35YDDM2VDX6U3uCK8H6J6edCa/OjoMTAMl4qxhI=
=i32s
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus