QwikSec

Security Database

CVE

CWE

Training

CVE-2019-16884

Published: Sep 25, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/opencontainers/runc/issues/2128

FEDORA-2019-bd4843561c

vendor-advisory

FEDORA-2019-3fc86a518b

vendor-advisory

FEDORA-2019-96946c39dd

vendor-advisory

openSUSE-SU-2019:2418

vendor-advisory

openSUSE-SU-2019:2434

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

openSUSE-SU-2020:0045

vendor-advisory

vendor-advisory

vendor-advisory

https://security.netapp.com/advisory/ntap-20220221-0004/

[debian-lts-announce] 20230218 [SECURITY] [DLA 3322-1] golang-github-opencontainers-selinux security update

mailing-list

[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.