Bug 1412238

Summary: CVE-2016-9962 runc: docker: insecure opening of file-descriptor allows privilege escalation [fedora-all]
Product: [Fedora] Fedora Reporter: Trevor Jay <tjay>
Component: runcAssignee: Jan Chaloupka <jchaloup>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 25CC: amurdaca, bbreard, ddarrah, dwalsh, golang-updates, imcleod, jchaloup, jhonce, lfriedma, lsm5, mjenner, mpatel, TicoTimo, tjay
Target Milestone: ---Keywords: Reopened, Security, SecurityTracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: runc-1.0.0-3.rc2.gitc91b5be.fc25 runc-1.0.1-1.gitc5ec254.fc25 Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-31 20:20:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1409531    

Comment 1 Fedora Update System 2017-01-11 18:34:59 UTC 
runc-1.0.0-3.rc2.gitc91b5be.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-0200646669
Comment 2 Fedora Update System 2017-01-11 18:45:06 UTC 
runc-1.0.0-3.rc2.gitc91b5be.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-19b0fe001d
Comment 3 Fedora Update System 2017-01-12 07:51:52 UTC 
runc-1.0.0-3.rc2.gitc91b5be.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-19b0fe001d
Comment 4 Fedora Update System 2017-01-12 07:53:34 UTC 
runc-1.0.0-3.rc2.gitc91b5be.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-0200646669
Comment 5 Fedora Update System 2017-01-19 05:54:43 UTC 
runc-1.0.0-3.rc2.gitc91b5be.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2017-02-01 22:09:53 UTC 
runc-1.0.0-5.rc2.gitc91b5be.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba
Comment 7 Fedora Update System 2017-02-02 21:49:30 UTC 
runc-1.0.0-5.rc2.gitc91b5be.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba
Comment 8 Fedora Update System 2017-06-02 11:35:16 UTC 
runc-1.0.0-6.git75f8da7.fc25.2 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-912c7e9a09
Comment 9 Fedora Update System 2017-06-02 13:39:52 UTC 
runc-1.0.0-7.git6394544.fc25.2 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6
Comment 10 Lokesh Mandvekar 2017-06-02 18:35:02 UTC 
Not sure why this got reopened on a new rpm udpate.
Comment 11 Fedora Update System 2017-06-03 04:37:44 UTC 
runc-1.0.0-7.git6394544.fc25.2 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6
Comment 12 Fedora Update System 2017-07-20 16:09:40 UTC 
runc-1.0.1-1.gitc5ec254.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-20cdb2063a
Comment 13 Fedora Update System 2017-07-23 06:55:59 UTC 
runc-1.0.1-1.gitc5ec254.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-20cdb2063a
Comment 14 Fedora Update System 2017-07-31 20:20:19 UTC 
runc-1.0.1-1.gitc5ec254.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.