[PLUG] runc/docker hole

jeff on 12 Feb 2019 04:47:40 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] runc/docker hole

From: jeff <jeffv@op.net>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] runc/docker hole
Date: Tue, 12 Feb 2019 07:47:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastmailservice.net; s=20180828_2048; t=1549975655; bh=zZE1pMR3FfCeagMkC776IdAfvM98zl+PmjrwuTXWjWQ=; h=Received:Received:To:From:Subject:Message-ID:Date:MIME-Version: Content-Type; b=XEUN0SgA02aPpE7ODtgOrn3B6/H9IxJoBp8O9V76RDU9ZpXkv2pR5/PxBjAksnCcy IT0yS0U68hCR/Wf3mybyRKdg5zdzm075THr1efe06cbMebC9QVaHcryvXzaqqd+Pj7 EOQGMnGFPNpcrQe4rVffNOQDuMaIHBLoKjDOa4hQUVDhEvXxaoHuwrXKfqm4wu2czh VGumodISqr8VBqWZPulPcktuTGJyKX3kXRYIGVSgwyLWfkmv3L6EWrUIeLkrtADpbg 4eKlH02UpvM8b3VuZhmvfWUHzrARkR+RmI1g9dEfsqKUZtFPOs6wEZXfKijxNQDNxJ wXVwMXkm+vNOA==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

https://www.zdnet.com/article/doomsday-docker-security-hole-uncovered/

How bad is this? As bad as you can imagine. Scott McCarty, Red Hattechnical product manager for containers, warned:

The disclosure of a security flaw (CVE-2019-5736) in runc anddocker illustrates a bad scenario for many IT administrators, managers,and CxOs. Containers represent a move back toward shared systems whereapplications from many different users all run on the same Linux host.Exploiting this vulnerability means that malicious code couldpotentially break containment, impacting not just a single container,but the entire container host, ultimately compromising thehundreds-to-thousands of other containers running on it. While there arevery few incidents that could qualify as a doomsday scenario forenterprise IT, a cascading set of exploits affecting a wide range ofinterconnected production systems qualifies...and that's exactly whatthis vulnerability represents."

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] runc/docker hole
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] runc/docker hole
  - From: Rich Kulawiec <rsk@gsp.org>

Prev by Date: Re: [PLUG] Can learning ham radio make for better engineers and software developers?
Next by Date: Re: [PLUG] runc/docker hole
Previous by thread: Re: [PLUG] Can learning ham radio make for better engineers and software developers?
Next by thread: Re: [PLUG] runc/docker hole
Index(es):
- Date
- Thread