
[atomic-announce] runc CVE-2019-5736 and Atomic Host



We are planning to do a release next week with updated versions of software that
don't contain the exploit. We are not doing a release this week because there are 
two lines of defense that block this exploit on Atomic Host:

1. /usr/ is mounted read-only
2. SELinux is enabled by default

SELinux blocks this exploit and /usr/ being read-only prevents the runc binary from
being overwritten. Even if you had disabled SELinux, /usr/ is still mounted read-only,
so your Atomic Host systems should be safe.

Dusty

https://nvd.nist.gov/vuln/detail/CVE-2019-5736
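
The script below is an added example, not part of the original message or of any Atomic Host tooling. It checks a host for the two defenses the announcement names. The function names and the sample mount lines are constructed for illustration, and it assumes the standard Linux locations /proc/self/mounts and /sys/fs/selinux/enforce.

```shell
#!/bin/sh
# Added example: verify the two host-side defenses named in the announcement.
# Both functions take an optional file argument so they can be run against
# constructed input; with no argument they read the live system.

# Succeeds if the mount that holds /usr carries the "ro" option.
# The last matching entry wins, since later mounts shadow earlier ones.
usr_is_readonly() {
    awk '
        $2 == "/"    { root = $4 }
        $2 == "/usr" { usr = $4 }
        END {
            opts = (usr != "") ? usr : root
            n = split(opts, o, ",")
            # Exact match only: "errors=remount-ro" must not count as "ro".
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }' "${1:-/proc/self/mounts}"
}

# Succeeds only in enforcing mode; permissive mode logs denials without blocking.
selinux_enforcing() {
    f="${1:-/sys/fs/selinux/enforce}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Print one line per defense; return non-zero if either is missing.
report() {
    rc=0
    if usr_is_readonly "$1"; then echo "/usr read-only: yes"
    else echo "/usr read-only: NO"; rc=1; fi
    if selinux_enforcing "$2"; then echo "SELinux enforcing: yes"
    else echo "SELinux enforcing: NO"; rc=1; fi
    return "$rc"
}

# Constructed sample (not captured from a real host): /usr read-only, SELinux off.
d=$(mktemp -d)
printf '%s\n' '/dev/sda1 / xfs rw,seclabel 0 0' \
              '/dev/sda1 /usr xfs ro,seclabel 0 0' > "$d/mounts"
echo 0 > "$d/enforce"
report "$d/mounts" "$d/enforce" || true
rm -rf "$d"
```

Calling `report` with no arguments reads the live system instead of the sample files.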

