Full Disclosure mailing list archives
Re: [oss-security] Docker 1.12.6 - Security Advisory
From: Andreas Stieger <astieger () suse com>
Date: Wed, 11 Jan 2017 11:54:13 +0100
On 01/11/2017 03:29 AM, Kurt Seifried wrote:
On Tue, Jan 10, 2017 at 6:58 PM, Nathan McCauley <nathan.mccauley () docker com[CVE-2016-9962] Insecure opening of file-descriptor allows privilege escalation [...] Credit for this discovery goes to Aleksa Sarai from SUSE and Tõnis Tiigi from Docker.Can you post a link to a patch for this issue, or to a bug entry with additional details, or the download site at a minimum? Thanks!
https://bugzilla.suse.com/show_bug.cgi?id=1012568 https://github.com/docker/docker/compare/v1.12.5...v1.12.6 https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5 Andreas -- Andreas Stieger <astieger () suse com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Docker 1.12.6 - Security Advisory Nathan McCauley (Jan 10)
- Re: [oss-security] Docker 1.12.6 - Security Advisory Kurt Seifried (Jan 10)
- Re: [oss-security] Docker 1.12.6 - Security Advisory Andreas Stieger (Jan 11)
- Re: [oss-security] Docker 1.12.6 - Security Advisory Kurt Seifried (Jan 10)