Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 Jan 2017 19:29:40 -0700
From: Kurt Seifried <>
To: oss-security <>
Subject: Re: Docker 1.12.6 - Security Advisory

Can you post a link to a patch for this issue, or to a bug entry with
additional details, or the download site at a minimum? Thanks!

On Tue, Jan 10, 2017 at 6:58 PM, Nathan McCauley <
> wrote:

> Docker Engine version 1.12.6 has been released to address a vulnerability
> and is immediately available for all supported platforms. Users are advised
> to upgrade existing installations of the Docker Engine and use 1.12.6 for
> new installations.
> Please send any questions to
> ==============================================================
> [CVE-2016-9962] Insecure opening of file-descriptor allows privilege
> escalation
> ==============================================================
> RunC allowed additional container processes via `runc exec` to be ptraced
> by the pid 1 of the container.  This allows the main processes of the
> container, if running as root, to gain access to file-descriptors of these
> new processes during the initialization and can lead to container escapes
> or modification of runC state before the process is fully placed inside the
> container
> Credit for this discovery goes to Aleksa Sarai from SUSE and T├Ánis Tiigi
> from Docker.


Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact:

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.