[atomic] runc CVE-2019-5736 and Atomic Host
- From: Dusty Mabe <dusty dustymabe com>
- To: atomic-devel projectatomic io, atomic lists fedoraproject org, atomic projectatomic io, atomic-announce projectatomic io
- Subject: [atomic] runc CVE-2019-5736 and Atomic Host
- Date: Wed, 13 Feb 2019 19:06:28 -0500
We are planning to do a release next week with updated versions of software that
don't contain the exploit. We are not doing a release this week because there are
two lines of defense that block this exploit on Atomic Host:
1. /usr/ is mounted read-only
2. SELinux is enabled by default
SELinux blocks this exploit and /usr/ being read-only prevents the runc binary from
being overwritten. Even if you had disabled SELinux, /usr/ is still mounted read-only
so your Atomic Host systems should be safe.
Dusty
https://nvd.nist.gov/vuln/detail/CVE-2019-5736
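A host-side check of the two defenses named in the message above, as an added example that is not part of the original post or of Atomic Host's own tooling. The function names and the sample mount table are constructed for illustration; the script assumes a Linux host exposing `/proc/mounts` and `/sys/fs/selinux/enforce`.

```shell
#!/bin/sh
# Added example: verify the two defenses named in the message on a Linux host.
# SAMPLE_MOUNTS is a constructed mount table in /proc/mounts format.
SAMPLE_MOUNTS='/dev/mapper/atomicos-root / xfs rw,seclabel,relatime 0 0
/dev/mapper/atomicos-root /usr xfs ro,seclabel,relatime 0 0
/dev/mapper/atomicos-root /var xfs rw,seclabel,relatime 0 0'

# mount_opts_for PATH: read a mount table on stdin and print the options of
# the mount covering PATH (longest mount point wins; later entries win ties,
# because a later mount on the same point shadows the earlier one).
mount_opts_for() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        {
            mp = $2
            covers = (mp == "/") || (p == mp) || (index(p, mp "/") == 1)
            if (covers && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }'
}

# is_readonly OPTS: succeed only if the comma-separated list has the "ro" flag.
is_readonly() {
    case ",$1," in *,ro,*) return 0 ;; *) return 1 ;; esac
}

# selinux_state FILE: interpret the selinuxfs "enforce" file; the file is
# absent when SELinux is disabled.
selinux_state() {
    if [ ! -r "$1" ]; then echo disabled; return 0; fi
    case "$(cat "$1")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# check_host [MOUNTS] [ENFORCE]: report both defenses; non-zero if /usr is writable.
check_host() {
    opts=$(mount_opts_for /usr < "${1:-/proc/mounts}")
    echo "SELinux: $(selinux_state "${2:-/sys/fs/selinux/enforce}")"
    if is_readonly "$opts"; then echo "/usr: read-only ($opts)"; return 0; fi
    echo "/usr: WRITABLE ($opts)"; return 1
}

# Run against the live system only when asked to: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

The exit status follows the `/usr` mount only, since the message names the read-only mount as the defense that still holds with SELinux disabled.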