csaf_opensuse - opensuse-su-2019:2021-1

opensuse-su-2019:2021-1

Vulnerability from csaf_opensuse

Published

2019-08-29 16:21

Modified

2019-08-29 16:21

Summary

Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork

Notes

Title of the patch

Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork

Description of the patch

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames

openSUSE-2019-2021

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:\n\nDocker:\n\n- CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409).\n- CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160).\n- Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649).\n\nrunc:\n\n- Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920).\n- Update to runc 425e105d5a03, which is required by Docker (bsc#1139649).\n\ncontainerd:\n\n- CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967).\n- Update to containerd v1.2.6, which is required by docker (bsc#1139649).\n\ngolang-github-docker-libnetwork:\n\n- Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-2021",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2021-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:2021-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK/#22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:2021-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK/#22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100331",
        "url": "https://bugzilla.suse.com/1100331"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1121967",
        "url": "https://bugzilla.suse.com/1121967"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1138920",
        "url": "https://bugzilla.suse.com/1138920"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1139649",
        "url": "https://bugzilla.suse.com/1139649"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142160",
        "url": "https://bugzilla.suse.com/1142160"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142413",
        "url": "https://bugzilla.suse.com/1142413"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1143409",
        "url": "https://bugzilla.suse.com/1143409"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10892 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10892/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13509 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13509/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14271 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14271/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-5736 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-5736/"
      }
    ],
    "title": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork",
    "tracking": {
      "current_release_date": "2019-08-29T16:21:56Z",
      "generator": {
        "date": "2019-08-29T16:21:56Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:2021-1",
      "initial_release_date": "2019-08-29T16:21:56Z",
      "revision_history": [
        {
          "date": "2019-08-29T16:21:56Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
                "product": {
                  "name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
                  "product_id": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
                "product": {
                  "name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
                  "product_id": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "containerd-1.2.6-lp151.2.6.1.x86_64",
                "product": {
                  "name": "containerd-1.2.6-lp151.2.6.1.x86_64",
                  "product_id": "containerd-1.2.6-lp151.2.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
                "product": {
                  "name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
                  "product_id": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
                "product": {
                  "name": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
                  "product_id": "docker-19.03.1_ce-lp151.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
                "product": {
                  "name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
                  "product_id": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
                "product": {
                  "name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
                  "product_id": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
                "product": {
                  "name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
                  "product_id": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
                "product": {
                  "name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
                  "product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "containerd-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64"
        },
        "product_reference": "containerd-1.2.6-lp151.2.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
        },
        "product_reference": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64"
        },
        "product_reference": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
        },
        "product_reference": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
        },
        "product_reference": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
        },
        "product_reference": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
        },
        "product_reference": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
        },
        "product_reference": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
        },
        "product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "containerd-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64"
        },
        "product_reference": "containerd-1.2.6-lp151.2.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
        },
        "product_reference": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64"
        },
        "product_reference": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
        },
        "product_reference": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
        },
        "product_reference": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
        },
        "product_reference": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
        },
        "product_reference": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
        },
        "product_reference": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
        },
        "product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10892",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10892"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host\u0027s hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
          "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
          "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10892",
          "url": "https://www.suse.com/security/cve/CVE-2018-10892"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100331 for CVE-2018-10892",
          "url": "https://bugzilla.suse.com/1100331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100838 for CVE-2018-10892",
          "url": "https://bugzilla.suse.com/1100838"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-08-29T16:21:56Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10892"
    },
    {
      "cve": "CVE-2019-13509",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13509"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
          "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
          "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13509",
          "url": "https://www.suse.com/security/cve/CVE-2019-13509"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142160 for CVE-2019-13509",
          "url": "https://bugzilla.suse.com/1142160"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-08-29T16:21:56Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-13509"
    },
    {
      "cve": "CVE-2019-14271",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14271"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
          "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
          "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14271",
          "url": "https://www.suse.com/security/cve/CVE-2019-14271"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143409 for CVE-2019-14271",
          "url": "https://bugzilla.suse.com/1143409"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-08-29T16:21:56Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-14271"
    },
    {
      "cve": "CVE-2019-5736",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-5736"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
          "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
          "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
          "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
          "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
          "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-5736",
          "url": "https://www.suse.com/security/cve/CVE-2019-5736"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1121967 for CVE-2019-5736",
          "url": "https://bugzilla.suse.com/1121967"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122185 for CVE-2019-5736",
          "url": "https://bugzilla.suse.com/1122185"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173421 for CVE-2019-5736",
          "url": "https://bugzilla.suse.com/1173421"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218894 for CVE-2019-5736",
          "url": "https://bugzilla.suse.com/1218894"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
            "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
            "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
            "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
            "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-08-29T16:21:56Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-5736"
    }
  ]
}

CVE-2019-13509 (GCVE-0-2019-13509)

Vulnerability from cvelistv5

Published

2019-07-18 15:34

Modified

2024-08-04 23:57

Severity ?

CWE

Summary

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

References

►

URL

Tags

	https://docs.docker.com/engine/release-notes/	x_refsource_MISC
	http://www.securityfocus.com/bid/109253	vdb-entry, x_refsource_BID
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/	vendor-advisory, x_refsource_FEDORA
	https://security.netapp.com/advisory/ntap-20190828-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2019/dsa-4521	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Sep/21	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:57:39.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.docker.com/engine/release-notes/"
          },
          {
            "name": "109253",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109253"
          },
          {
            "name": "FEDORA-2019-5b54793a4a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
          },
          {
            "name": "FEDORA-2019-4bed83e978",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
          },
          {
            "name": "openSUSE-SU-2019:2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
          },
          {
            "name": "DSA-4521",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4521"
          },
          {
            "name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-10T17:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.docker.com/engine/release-notes/"
        },
        {
          "name": "109253",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109253"
        },
        {
          "name": "FEDORA-2019-5b54793a4a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
        },
        {
          "name": "FEDORA-2019-4bed83e978",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
        },
        {
          "name": "openSUSE-SU-2019:2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
        },
        {
          "name": "DSA-4521",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4521"
        },
        {
          "name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13509",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.docker.com/engine/release-notes/",
              "refsource": "MISC",
              "url": "https://docs.docker.com/engine/release-notes/"
            },
            {
              "name": "109253",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109253"
            },
            {
              "name": "FEDORA-2019-5b54793a4a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"
            },
            {
              "name": "FEDORA-2019-4bed83e978",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190828-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
            },
            {
              "name": "openSUSE-SU-2019:2021",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
            },
            {
              "name": "DSA-4521",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4521"
            },
            {
              "name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13509",
    "datePublished": "2019-07-18T15:34:59",
    "dateReserved": "2019-07-11T00:00:00",
    "dateUpdated": "2024-08-04T23:57:39.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5736 (GCVE-0-2019-5736)

Vulnerability from cvelistv5

Published

2019-02-11 00:00

Modified

2024-08-04 20:01

Severity ?

CWE

Summary

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

References

►

URL

Tags

	https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
	https://access.redhat.com/errata/RHSA-2019:0408	vendor-advisory
	https://github.com/rancher/runc-cve
	https://access.redhat.com/errata/RHSA-2019:0401	vendor-advisory
	https://github.com/docker/docker-ce/releases/tag/v18.09.2
	https://www.synology.com/security/advisory/Synology_SA_19_06
	https://security.netapp.com/advisory/ntap-20190307-0008/
	https://access.redhat.com/errata/RHSA-2019:0303	vendor-advisory
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc	vendor-advisory
	https://github.com/q3k/cve-2019-5736-poc
	https://www.exploit-db.com/exploits/46359/	exploit
	https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
	https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
	https://www.openwall.com/lists/oss-security/2019/02/11/2
	https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
	https://access.redhat.com/security/cve/cve-2019-5736
	https://www.exploit-db.com/exploits/46369/	exploit
	https://access.redhat.com/errata/RHSA-2019:0304	vendor-advisory
	https://github.com/Frichetten/CVE-2019-5736-PoC
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
	https://brauner.github.io/2019/02/12/privileged-containers.html
	https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
	https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
	http://www.securityfocus.com/bid/106976	vdb-entry
	https://access.redhat.com/security/vulnerabilities/runcescape
	https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
	https://bugzilla.suse.com/show_bug.cgi?id=1121967
	https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E	mailing-list
	http://www.openwall.com/lists/oss-security/2019/03/23/1	mailing-list
	https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/	vendor-advisory
	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
	https://access.redhat.com/errata/RHSA-2019:0975	vendor-advisory
	https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
	https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
	https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2019/06/28/2	mailing-list
	http://www.openwall.com/lists/oss-security/2019/07/06/3	mailing-list
	http://www.openwall.com/lists/oss-security/2019/07/06/4	mailing-list
	https://usn.ubuntu.com/4048-1/	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/	vendor-advisory
	https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2019/10/24/1	mailing-list
	http://www.openwall.com/lists/oss-security/2019/10/29/3	mailing-list
	https://security.gentoo.org/glsa/202003-21	vendor-advisory
	https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E	mailing-list
	http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
	http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
	http://www.openwall.com/lists/oss-security/2024/01/31/6	mailing-list
	http://www.openwall.com/lists/oss-security/2024/02/01/1	mailing-list
	http://www.openwall.com/lists/oss-security/2024/02/02/3	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:52.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
          },
          {
            "name": "RHSA-2019:0408",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0408"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rancher/runc-cve"
          },
          {
            "name": "RHSA-2019:0401",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0401"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
          },
          {
            "name": "RHSA-2019:0303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0303"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/q3k/cve-2019-5736-poc"
          },
          {
            "name": "46359",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46359/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2019-5736"
          },
          {
            "name": "46369",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46369/"
          },
          {
            "name": "RHSA-2019:0304",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0304"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
          },
          {
            "name": "106976",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106976"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/runcescape"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
          },
          {
            "name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
          },
          {
            "name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
          },
          {
            "name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
          },
          {
            "name": "openSUSE-SU-2019:1079",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
          },
          {
            "name": "openSUSE-SU-2019:1227",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
          },
          {
            "name": "openSUSE-SU-2019:1275",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
          },
          {
            "name": "FEDORA-2019-bc70b381ad",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
          },
          {
            "name": "FEDORA-2019-6174b47003",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
          },
          {
            "name": "RHSA-2019:0975",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0975"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
          },
          {
            "name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
          },
          {
            "name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2019:1444",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
          },
          {
            "name": "openSUSE-SU-2019:1481",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:1499",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2019:1506",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "name": "USN-4048-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4048-1/"
          },
          {
            "name": "openSUSE-SU-2019:2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
          },
          {
            "name": "FEDORA-2019-2baa1f7b19",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
          },
          {
            "name": "FEDORA-2019-c1dac1b3b8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
          },
          {
            "name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2019:2245",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
          },
          {
            "name": "openSUSE-SU-2019:2286",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
          },
          {
            "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
          },
          {
            "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
          },
          {
            "name": "GLSA-202003-21",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-21"
          },
          {
            "name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
          },
          {
            "name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
          },
          {
            "name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
          },
          {
            "name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-02T12:06:25.591627",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
        },
        {
          "name": "RHSA-2019:0408",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0408"
        },
        {
          "url": "https://github.com/rancher/runc-cve"
        },
        {
          "name": "RHSA-2019:0401",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0401"
        },
        {
          "url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
        },
        {
          "name": "RHSA-2019:0303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0303"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
        },
        {
          "url": "https://github.com/q3k/cve-2019-5736-poc"
        },
        {
          "name": "46359",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46359/"
        },
        {
          "url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
        },
        {
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
        },
        {
          "url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2019-5736"
        },
        {
          "name": "46369",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46369/"
        },
        {
          "name": "RHSA-2019:0304",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0304"
        },
        {
          "url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
        },
        {
          "url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
        },
        {
          "url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
        },
        {
          "url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
        },
        {
          "name": "106976",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/106976"
        },
        {
          "url": "https://access.redhat.com/security/vulnerabilities/runcescape"
        },
        {
          "url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
        },
        {
          "name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
        },
        {
          "name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
        },
        {
          "name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
        },
        {
          "url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
        },
        {
          "name": "openSUSE-SU-2019:1079",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
        },
        {
          "name": "openSUSE-SU-2019:1227",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
        },
        {
          "name": "openSUSE-SU-2019:1275",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
        },
        {
          "name": "FEDORA-2019-bc70b381ad",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
        },
        {
          "name": "FEDORA-2019-6174b47003",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
        },
        {
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
        },
        {
          "name": "RHSA-2019:0975",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0975"
        },
        {
          "url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
        },
        {
          "url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
        },
        {
          "name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
        },
        {
          "name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2019:1444",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
        },
        {
          "name": "openSUSE-SU-2019:1481",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
        },
        {
          "name": "openSUSE-SU-2019:1499",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2019:1506",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "name": "USN-4048-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4048-1/"
        },
        {
          "name": "openSUSE-SU-2019:2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
        },
        {
          "name": "FEDORA-2019-2baa1f7b19",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
        },
        {
          "name": "FEDORA-2019-c1dac1b3b8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
        },
        {
          "name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2019:2245",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
        },
        {
          "name": "openSUSE-SU-2019:2286",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
        },
        {
          "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
        },
        {
          "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
        },
        {
          "name": "GLSA-202003-21",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202003-21"
        },
        {
          "name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
        },
        {
          "name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
        },
        {
          "name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
        },
        {
          "name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-5736",
    "datePublished": "2019-02-11T00:00:00",
    "dateReserved": "2019-01-08T00:00:00",
    "dateUpdated": "2024-08-04T20:01:52.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10892 (GCVE-0-2018-10892)

Vulnerability from cvelistv5

Published

2018-07-06 16:00

Modified

2024-08-05 07:54

Severity ?

6.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE

CWE-250

Summary

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.

References

►

URL

Tags

	https://github.com/moby/moby/pull/37404	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2729	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2482	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHBA-2018:2796	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	docker	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:34.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/moby/moby/pull/37404"
          },
          {
            "name": "RHSA-2018:2729",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2729"
          },
          {
            "name": "RHSA-2018:2482",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2482"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892"
          },
          {
            "name": "openSUSE-SU-2019:2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
          },
          {
            "name": "RHBA-2018:2796",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2018:2796"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "docker",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host\u0027s hardware like enabling/disabling bluetooth or turning up/down keyboard brightness."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-20T07:06:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/moby/pull/37404"
        },
        {
          "name": "RHSA-2018:2729",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2729"
        },
        {
          "name": "RHSA-2018:2482",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2482"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892"
        },
        {
          "name": "openSUSE-SU-2019:2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
        },
        {
          "name": "RHBA-2018:2796",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2018:2796"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10892",
    "datePublished": "2018-07-06T16:00:00",
    "dateReserved": "2018-05-09T00:00:00",
    "dateUpdated": "2024-08-05T07:54:34.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14271 (GCVE-0-2019-14271)

Vulnerability from cvelistv5

Published

2019-07-29 17:05

Modified

2024-08-05 00:12

Severity ?

CWE

Summary

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

References

►

URL

Tags

	https://github.com/moby/moby/issues/39449	x_refsource_MISC
	https://docs.docker.com/engine/release-notes/	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20190828-0003/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2019/dsa-4521	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Sep/21	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:12:43.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/moby/moby/issues/39449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.docker.com/engine/release-notes/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
          },
          {
            "name": "openSUSE-SU-2019:2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
          },
          {
            "name": "DSA-4521",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4521"
          },
          {
            "name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-10T17:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/moby/issues/39449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.docker.com/engine/release-notes/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
        },
        {
          "name": "openSUSE-SU-2019:2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
        },
        {
          "name": "DSA-4521",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4521"
        },
        {
          "name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/21"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/moby/moby/issues/39449",
              "refsource": "MISC",
              "url": "https://github.com/moby/moby/issues/39449"
            },
            {
              "name": "https://docs.docker.com/engine/release-notes/",
              "refsource": "CONFIRM",
              "url": "https://docs.docker.com/engine/release-notes/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190828-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190828-0003/"
            },
            {
              "name": "openSUSE-SU-2019:2021",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
            },
            {
              "name": "DSA-4521",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4521"
            },
            {
              "name": "20190910 [SECURITY] [DSA 4521-1] docker.io security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/21"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14271",
    "datePublished": "2019-07-29T17:05:57",
    "dateReserved": "2019-07-25T00:00:00",
    "dateUpdated": "2024-08-05T00:12:43.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2019:2021-1

Vulnerability from csaf_opensuse

CVE-2019-13509 (GCVE-0-2019-13509)

Vulnerability from cvelistv5

CVE-2019-5736 (GCVE-0-2019-5736)

Vulnerability from cvelistv5

CVE-2018-10892 (GCVE-0-2018-10892)

Vulnerability from cvelistv5

CVE-2019-14271 (GCVE-0-2019-14271)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature