Advisories » MGASA-2016-0209

Updated docker package fixes CVE-2016-3697

Publication date: 29 May 2016
Modification date: 29 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3697

Description

Updated docker packages fix security vulnerability:

It was found that Docker would launch containers under the specified UID
instead of a username. An attacker able to launch a container could use this
flaw to escalate their privileges to root within the launched container
(CVE-2016-3697).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18456
• https://bugzilla.suse.com/show_bug.cgi?id=976777
• https://rhn.redhat.com/errata/RHSA-2016-1034.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697

SRPMS

5/core

• docker-1.9.1-1.1.mga5