Authentication mechanism absence or evasion In github.com/opencontainers/runc/libcontainer
Description
Incorrect Authorization in runc runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 go | v1.0.0-rc9 | ||
 debian 11 | 1.3.0-2 | ||
debian 13 | 1.3.0-2 | ||
debian 12 | 1.3.0-2 | ||
debian 13 | 1.0.0~rc9+dfsg1-1 | ||
go | 1.0.0-rc8.0.20190930145003-cad42f6e0932 | ||
go | 1.3.1-0.20190929122143-5215b1806f52 | ||
debian 11 | 1.0.0~rc9+dfsg1-1 | ||
debian 14 | 1.0.0~rc9+dfsg1-1 | ||
debian 14 | 1.3.0-2 |
1-10 of 12
10
Aliases
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
References
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15.