Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.876767
Category:Fedora Local Security Checks
Title:Fedora Update for lxcfs FEDORA-2019-c1dac1b3b8
Summary:The remote host is missing an update for the 'lxcfs'; package(s) announced via the FEDORA-2019-c1dac1b3b8 advisory.
Description:Summary:
The remote host is missing an update for the 'lxcfs'
package(s) announced via the FEDORA-2019-c1dac1b3b8 advisory.

Vulnerability Insight:
LXCFS is a simple userspace filesystem designed to work around some
current limitations of the Linux kernel.

Specifically, it', s providing two main things

- A set of files which can be bind-mounted over their /proc originals
to provide CGroup-aware values.

- A cgroupfs-like tree which is container aware.

The code is pretty simple, written in C using libfuse.

The main driver for this work was the need to run systemd based
containers as a regular unprivileged user while still allowing systemd
inside the container to interact with cgroups.

Now with the introduction of the cgroup namespace in the Linux kernel,
that part is no longer necessary on recent kernels and focus is now on
making containers feel more like a real independent system through the
proc masking feature.

Affected Software/OS:
'lxcfs' package(s) on Fedora 29.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-5736
BugTraq ID: 106976
http://www.securityfocus.com/bid/106976
Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
https://www.exploit-db.com/exploits/46359/
https://www.exploit-db.com/exploits/46369/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
https://security.gentoo.org/glsa/202003-21
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
https://access.redhat.com/security/cve/cve-2019-5736
https://access.redhat.com/security/vulnerabilities/runcescape
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
https://brauner.github.io/2019/02/12/privileged-containers.html
https://bugzilla.suse.com/show_bug.cgi?id=1121967
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
https://github.com/Frichetten/CVE-2019-5736-PoC
https://github.com/docker/docker-ce/releases/tag/v18.09.2
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
https://github.com/q3k/cve-2019-5736-poc
https://github.com/rancher/runc-cve
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
https://www.openwall.com/lists/oss-security/2019/02/11/2
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/03/23/1
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
RedHat Security Advisories: RHSA-2019:0303
https://access.redhat.com/errata/RHSA-2019:0303
RedHat Security Advisories: RHSA-2019:0304
https://access.redhat.com/errata/RHSA-2019:0304
RedHat Security Advisories: RHSA-2019:0401
https://access.redhat.com/errata/RHSA-2019:0401
RedHat Security Advisories: RHSA-2019:0408
https://access.redhat.com/errata/RHSA-2019:0408
RedHat Security Advisories: RHSA-2019:0975
https://access.redhat.com/errata/RHSA-2019:0975
SuSE Security Announcement: openSUSE-SU-2019:1079 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
SuSE Security Announcement: openSUSE-SU-2019:1227 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
SuSE Security Announcement: openSUSE-SU-2019:1275 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
SuSE Security Announcement: openSUSE-SU-2019:1444 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
SuSE Security Announcement: openSUSE-SU-2019:1481 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
SuSE Security Announcement: openSUSE-SU-2019:1499 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
SuSE Security Announcement: openSUSE-SU-2019:1506 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
SuSE Security Announcement: openSUSE-SU-2019:2021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
SuSE Security Announcement: openSUSE-SU-2019:2245 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
SuSE Security Announcement: openSUSE-SU-2019:2286 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
https://usn.ubuntu.com/4048-1/
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.