In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
Created docker tracking bugs for this issue:
Affects: fedora-all [bug 1747223]
Affects: openstack-rdo [bug 1747224]
According to upstream this flaw affects only versions that use Go 1.11 (see https://github.com/moby/moby/pull/39612#issuecomment-517999360).
This issue did not affect the versions of docker as shipped with Red Hat Enterprise Linux 7 as they did not use Go 1.11.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):