February 11, 2019
Hey guys - unsure if Alpine / Unraid is impacted but passing along just in case.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
https://seclists.org/oss-sec/2019/q1/119
February 11, 2019
To add additional information that is not as dry: https://www.bleepingcomputer.com/news/security/runc-vulnerability-gives-attackers-root-access-on-docker-kubernetes-hosts/
February 12, 2019
Exploit code/POC is already available: https://github.com/feexd/pocs/tree/master/CVE-2019-5736
February 12, 2019
Thanks @repomanz, I was just coming here to post on this. More info in case the vendor-specific info may be of assistance to anyone... I know my brain works off of keyword recognition much of the time:
Amazon/AWS - https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
Kubernetes - https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
Red Hat - https://access.redhat.com/security/vulnerabilities/runcescape
Ubuntu - https://www.ubuntuupdates.org/package/core/bionic/universe/updates/runc
Kubernetes - https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
US-CERT release - https://www.us-cert.gov/ncas/current-activity/2019/02/11/runc-Open-Source-Container-Vulnerability
February 12, 2019
Thanks for the reports. We did see a new docker release, 18.09.02, that addresses this. We are trying to determine if it warrants an Unraid 6.6.7 patch release.
February 12, 2019
37 minutes ago, limetech said:
> Thanks for the reports. We did see a new docker release, 18.09.02, that addresses this. We are trying to determine if it warrants an Unraid 6.6.7 patch release.
Security comes first. I'd say it does.
February 20, 2019
Is there any update on the possibility of updating docker? I only run a few, and I'm generally careful about what images I run, but as evidenced by PEAR's issues last month, even a reputable source can have malware slid in: https://blog.cpanel.com/when-php-went-pear-shaped-the-php-pear-compromise/
February 20, 2019
12 minutes ago, Koden said:
> Is there any update on the possibility of updating docker? I only run a few, and I'm generally careful about what images I run, but as evidenced by PEAR's issues last month, even a reputable source can have malware slid in: https://blog.cpanel.com/when-php-went-pear-shaped-the-php-pear-compromise/
That didn't have anything to do with docker though, right? That said, I think we will publish 6.6.7 with an update to docker used in that release.
February 20, 2019
19 minutes ago, limetech said:
> That didn't have anything to do with docker though, right?
No, not directly; unless unRAID uses the PEAR PHP package and implemented a compromised copy... I mentioned that only as an example of how easily compromise *could* happen, even using only reputable sources (which is usually the #1 response when talking about VM or docker vulnerabilities). As a more direct example, I run a Plex docker. So if Plex's software has, or developed, a bug that allowed exploitation of the runc vulnerability, I could end up riding the proverbial smelly creek without a poop-stick!
19 minutes ago, limetech said:
> That said, I think we will publish 6.6.7 with an update to docker used in that release.
Thank you 🙂 I for one will sleep easier with that decision. Thank you for the support, and once again I am thankful for the responsiveness of this community!
February 23, 2019
On 2/20/2019 at 1:29 PM, limetech said:
> That didn't have anything to do with docker though, right? That said, I think we will publish 6.6.7 with an update to docker used in that release.
Thank you. 6.6.7 has been released. Upgraded with no issues. Much appreciated.