2017-03-23 07:24:28 |
Yubao Liu |
bug |
|
|
added bug |
2017-03-23 07:26:17 |
Yubao Liu |
information type |
Private Security |
Public |
|
2017-03-23 07:26:58 |
Yubao Liu |
cve linked |
|
2016-8867 |
|
2017-03-23 07:38:05 |
Yubao Liu |
bug |
|
|
added subscriber Debian PTS |
2017-03-27 23:09:37 |
Launchpad Janitor |
runc (Ubuntu): status |
New |
Fix Released |
|
2017-03-28 00:45:06 |
Michael Hudson-Doyle |
nominated for series |
|
Ubuntu Yakkety |
|
2017-03-28 00:45:06 |
Michael Hudson-Doyle |
bug task added |
|
runc (Ubuntu Yakkety) |
|
2017-03-28 00:45:06 |
Michael Hudson-Doyle |
nominated for series |
|
Ubuntu Xenial |
|
2017-03-28 00:45:06 |
Michael Hudson-Doyle |
bug task added |
|
runc (Ubuntu Xenial) |
|
2017-03-28 00:56:59 |
Michael Hudson-Doyle |
description |
https://github.com/docker/docker/issues/27590#issuecomment-255241013
The steps are very clear, it's very easy to recur, so I don't repeat here.
The CVE link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8867 |
[Impact]
https://github.com/docker/docker/issues/27590#issuecomment-255241013
The steps are very clear, it's very easy to recur, so I don't repeat here.
The CVE link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8867
[Test case]
$ tmp=$(mktemp -d)
$ cd $tmp
$ cat > Dockerfile << EOF
FROM debian
RUN useradd example
RUN id
USER example
RUN id
RUN cat /etc/shadow
CMD /bin/bash
EOF
$ docker build --no-cache -t example .
The 'cat /etc/shadow' in the Dockerfile should fail.
[Regression potential]
We're fixing this by moving to the exact commit of runc the docker 1.12.6 release expects, so there shouldn't be any issues. In addition https://wiki.ubuntu.com/DockerUpdates applies. |
|
2017-04-06 08:43:16 |
Łukasz Zemczak |
runc (Ubuntu Yakkety): status |
New |
Fix Committed |
|
2017-04-06 08:43:19 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2017-04-06 08:43:20 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2017-04-06 08:43:24 |
Łukasz Zemczak |
tags |
|
verification-needed |
|
2017-04-06 08:54:32 |
Łukasz Zemczak |
runc (Ubuntu Xenial): status |
New |
Fix Committed |
|
2017-07-11 04:13:09 |
Michael Hudson-Doyle |
tags |
verification-needed |
verification-done-trusty |
|
2017-07-11 04:13:27 |
Michael Hudson-Doyle |
tags |
verification-done-trusty |
verification-done-xenial |
|
2017-07-11 04:19:22 |
Launchpad Janitor |
runc (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2017-07-11 04:19:27 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2017-07-11 04:27:06 |
Michael Hudson-Doyle |
runc (Ubuntu Yakkety): status |
Fix Committed |
Won't Fix |
|