[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[atomic-announce] runc CVE-2019-5736 and Atomic Host
- From: Dusty Mabe <dusty dustymabe com>
- To: atomic-devel projectatomic io, atomic lists fedoraproject org, atomic projectatomic io, atomic-announce projectatomic io
- Subject: [atomic-announce] runc CVE-2019-5736 and Atomic Host
- Date: Wed, 13 Feb 2019 19:06:28 -0500
We are planning to do a release next week with updated versions of software that
don't contain the exploit. We are not doing a release this week because there are
two lines of defense that block this exploit on Atomic Host:
1. /usr/ is mounted read-only
2. SELinux is enabled by default
SELinux blocks this exploit and /usr/ being read-only prevents the runc binary from
being overwritten. Even if you had disabled SELinux /usr/ is still mounted read only
so you're Atomic Host systems should be safe.
Dusty
https://nvd.nist.gov/vuln/detail/CVE-2019-5736
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]