Advisories ยป MGASA-2016-0209

Updated docker package fixes CVE-2016-3697

Publication date: 29 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3697

Description

Updated docker packages fix security vulnerability:

It was found that Docker would launch containers under the specified UID
instead of a username. An attacker able to launch a container could use this
flaw to escalate their privileges to root within the launched container
(CVE-2016-3697).
                

References

SRPMS

5/core