Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Fedora 25: 2017-dbc2b618eb Critical: Docker Privilege Escalation Issue

fedora
Calendar Grey January 13, 2017
Dist Fedora Esm H88
Explore the Docker patch resolving CVE-2016-9962 while focusing on privilege elevation vulnerabilities present in Fedora systems.
Fix [CVE-2016-9962] Insecure opening of file-descriptor allows privilege Fix BZ#1412148 - containerd: container did not start before the specified timeout ---- use container-selinu...

Summary

Docker is an open-source engine that automates the deployment of any

application as a lightweight, portable, self-sufficient container that will

run virtually anywhere.

Docker containers can encapsulate any payload, and will run consistently on

and between virtually any server. The same container that a developer builds

and tests on a laptop will run at scale, in production*, on VMs, bare-metal

servers, OpenStack clusters, public instances, or combinations of the above.

Update Information:

Fix [CVE-2016-9962] Insecure opening of file-descriptor allows privilege Fix BZ#1412148 - containerd: container did not start before the specified timeout ---- use container-selinux >= 2:2.0-2

Change Log

References


[ 1 ] Bug #1412148 - containerd: container did not start before the specified timeout https://bugzilla.redhat.com/show_bug.cgi?id=1412148 [ 2 ] Bug #1412147 - CVE-2016-9962 docker: Insecure opening of file-descriptor allows privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1412147

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade docker' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: docker
Product: Fedora 25
Version: 1.12.6
Release: 3.git51ef5a8.fc25
Summary: Automates deployment of containerized applications

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.