Address runc CVE-2019-5736
simonswine opened this issue · 3 comments
What happened:
A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system.
https://access.redhat.com/security/cve/cve-2019-5736
What you expected to happen:
- We should upgrade docker once centos packages become available
I managed to build the latest docker from centos git here:
https://github.com/simonswine/centos-build-docker-rpms
It seems to work fine. I assume that the package will come through in the next hours on the official centos resources.
This is fixed with Tarmak 0.5.4 and I think we can close this :)
/close
@MattiasGees: Closing this issue.