Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1390163 - (CVE-2016-8867) CVE-2016-8867 docker: Ambient capability usage in containers
CVE-2016-8867 docker: Ambient capability usage in containers
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20161024,repor...
: Security
Depends On: 1390104
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-31 07:27 EDT by Andrej Nemec
Modified: 2018-06-29 18:15 EDT (History)
27 users (show)

See Also:
Fixed In Version: docker 1.12.3
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Andrej Nemec 2016-10-31 07:27:14 EDT 
It was found that Docker 1.12.2 did not correctly apply user permissions in containers

Upstream bug:

https://github.com/docker/docker/issues/27590

Upstream patch:

https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837
Comment 1 Florian Weimer 2016-10-31 15:41:51 EDT 
This seems to be the actual fix attempt:

https://github.com/opencontainers/runc/commit/a83f5bac28554fa0fd49bc1559a3c79f5907348f

The fix looks correct.  It deals with an embedded ')', as long as newer kernel versions do not add more non-escaped free-text fields at the end which could contain another ')'.
Comment 2 Antonio Murdaca 2016-10-31 16:39:37 EDT 
No, the actual fix was to revert the commit which introduced ambient capabilities in runc afaict (I don't have the link handy). 

The runc version we use in projectatomic/runc in branch docker-1.12.3 contains the actual fix. 

That commit is just a fix for a panic afaict (?)
Comment 3 Florian Weimer 2016-10-31 17:01:21 EDT 
(In reply to Antonio Murdaca from comment #2)
> No, the actual fix was to revert the commit which introduced ambient
> capabilities in runc afaict (I don't have the link handy). 
> 
> The runc version we use in projectatomic/runc in branch docker-1.12.3
> contains the actual fix. 
> 
> That commit is just a fix for a panic afaict (?)

Ohh, that might be the case.  I thought it might cause the process start time to be misidentified, which could be a security problem in itself because PID and start time are sometimes (ab)used as a unique ID.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.