Docker Doomsday Issue

By Chloe posted 02-20-2019 07:43


A vulnerability was recently disclosed in runc, the low-level container runtime that Docker uses to create and start containers, and it may affect some Dockerized applications. CVE-2019-5736 lets a malicious container overwrite the host's runc binary: when runc enters the container it re-executes itself through /proc/self/exe, and a process inside the container can use that reference to write to the host file once runc exits. The next time runc runs on that host, it runs the attacker's code as root on the container host system.

Exploiting the flaw requires a malicious container, and Jama Software has vetted every container that runs on-premises inside the Replicated application. This mitigates the primary attack vector (running an untrusted image). Note that a vetted container in which an attacker has gained root at runtime (for example through a flaw in the application it runs) can be abused the same way, since the overwrite is triggered the next time runc enters that container, such as on a docker exec; vetting lowers the risk but does not replace the fix. Self-hosted customers can upgrade to Replicated 2.32.2, which upgrades the bundled Docker to a version that patches the runc container breakout, or can manually upgrade Docker to 18.09.2 or 18.06.2 (the first fixed release on each branch).
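The following script is an added example for checking whether a host's Docker engine is at or past the fixed releases named above; it is not Jama's or Replicated's tooling. It treats 18.09.2, 18.06.2 and anything newer as fixed and everything else (including the 17.x and 18.03 branches, which never received an upstream fix) as needing attention. The function names are ours; the live check assumes the Docker CLI's `docker version --format '{{.Server.Version}}'` is available and the caller may talk to the daemon. Distribution-patched builds (some vendors backported the fix to older package versions without changing the engine version) will show as vulnerable here and must be confirmed against the vendor's advisory instead.

```shell
#!/bin/sh
# Added example (not Jama's or Replicated's tooling): decide whether a Docker
# engine version string carries the CVE-2019-5736 runc fix.
# Upstream fixed releases: 18.09.2 and 18.06.2, plus everything newer.
# Older branches (17.x, 18.03) never got an upstream fix and are reported as
# vulnerable; vendor backports must be checked against the vendor advisory.

# Strip leading zeros ("09" -> "9") so shell arithmetic does not read them
# as octal; an all-zero component becomes "0".
num() {
    n=$1
    while [ "${n#0}" != "$n" ]; do n=${n#0}; done
    printf '%s' "${n:-0}"
}

# docker_fixed_for_cve_2019_5736 VERSION
# Returns 0 if VERSION includes the fix, 1 if it does not, 2 if unparseable.
docker_fixed_for_cve_2019_5736() {
    v=${1%%-*}                              # "18.06.2-ce" -> "18.06.2"
    case "$v" in
        "" | *[!0-9.]*) return 2 ;;         # must be digits and dots only
        *.*) ;;                             # need at least major.minor
        *) return 2 ;;
    esac
    major=$(num "${v%%.*}")
    rest=${v#*.}
    case "$rest" in
        *.*) minor=$(num "${rest%%.*}")
             patch=${rest#*.}
             patch=$(num "${patch%%.*}") ;;  # ignore any 4th component
        *)   minor=$(num "$rest")
             patch=0 ;;                      # "18.09" has no patch level
    esac
    # Anything after the 18.09 branch carries the fix.
    [ "$major" -gt 18 ] && return 0
    [ "$major" -eq 18 ] && [ "$minor" -gt 9 ] && return 0
    # First fixed release on each maintained branch.
    [ "$major" -eq 18 ] && [ "$minor" -eq 9 ] && [ "$patch" -ge 2 ] && return 0
    [ "$major" -eq 18 ] && [ "$minor" -eq 6 ] && [ "$patch" -ge 2 ] && return 0
    return 1
}

# Query the local daemon and report. Returns 0 fixed, 1 needs upgrade,
# 2 if the daemon could not be queried.
check_host() {
    ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || {
        echo "cannot query the Docker daemon (not installed, not running, or no permission)"
        return 2
    }
    if docker_fixed_for_cve_2019_5736 "$ver"; then
        echo "Docker $ver: includes the CVE-2019-5736 fix"
        return 0
    fi
    echo "Docker $ver: upgrade to 18.09.2 / 18.06.2 or newer, or confirm a vendor backport"
    return 1
}

# Stand-alone demo over constructed sample version strings; run with --host
# to check the machine the script is executed on instead.
if [ "${1:-}" = "--host" ]; then
    check_host
else
    for sample in 18.09.1 18.09.2 18.06.1-ce 18.06.2-ce 19.03.5 17.12.1-ce 1.13.1; do
        if docker_fixed_for_cve_2019_5736 "$sample"; then
            echo "$sample: fixed"
        else
            echo "$sample: vulnerable or unparseable"
        fi
    done
fi
```

Run it with `--host` on each self-hosted node; a non-zero exit means the engine still needs the upgrade described above (or a vendor advisory confirming a backport).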


1 comment


06-07-2019 14:25

It should be noted that upgrading Docker past 17.12.x on a Linux system with a kernel of 3.10.x or older is not recommended. Be sure to check the Docker documentation for required kernel versions before updating Docker.