repomanz Posted February 11, 2019

Hey guys - unsure if Alpine / Unraid is impacted but passing along just in case.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
https://seclists.org/oss-sec/2019/q1/119

repo

zoggy Posted February 11, 2019

to add additional information that is not as dry:
https://www.bleepingcomputer.com/news/security/runc-vulnerability-gives-attackers-root-access-on-docker-kubernetes-hosts/

dknaack Posted February 12, 2019

Exploit code/POC is already available:
https://github.com/feexd/pocs/tree/master/CVE-2019-5736

Koden Posted February 12, 2019

Thanks @repomanz, I was just coming here to post on this. More info in case the vendor specific info may be of assistance to anyone... I know my brain works off of keyword recognition much of the time:

Amazon/AWS - https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
Kubernetes - https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
Red Hat - https://access.redhat.com/security/vulnerabilities/runcescape
Ubuntu - https://www.ubuntuupdates.org/package/core/bionic/universe/updates/runc
US-CERT release - https://www.us-cert.gov/ncas/current-activity/2019/02/11/runc-Open-Source-Container-Vulnerability

limetech Posted February 12, 2019

Thanks for the reports. We did see a new docker release, 18.09.02 that addresses this. We are trying to determine if it warrants Unraid 6.6.7 patch release.

ezhik Posted February 12, 2019

37 minutes ago, limetech said:
> Thanks for the reports. We did see a new docker release, 18.09.02 that addresses this. We are trying to determine if it warrants Unraid 6.6.7 patch release.

Security comes first. I'd say it does.

Koden Posted February 20, 2019

Is there any update with the possibility of updating docker? I only run a few, and I'm generally careful about what images I run, but as evidenced by PEAR's issues last month even a reputable source can have malware slid in: https://blog.cpanel.com/when-php-went-pear-shaped-the-php-pear-compromise/

limetech Posted February 20, 2019

12 minutes ago, Koden said:
> Is there any update with the possibility of updating docker? I only run a few, and I'm generally careful about what images I run, but as evidenced by PEAR's issues last month even a reputable source can have malware slid in: https://blog.cpanel.com/when-php-went-pear-shaped-the-php-pear-compromise/

That didn't have anything to do with docker though, right?

That said, I think we will publish 6.6.7 with an update to docker used in that release.

Koden Posted February 20, 2019

19 minutes ago, limetech said:
> That didn't have anything to do with docker though, right?

No, not directly; unless unRAID uses the PEAR PHP package and implemented a compromised copy... I mentioned that only as an example of how easily compromise *could* happen, even using only reputable sources (which is the #1 response when talking about vm or docker vulnerabilities usually). As a more direct example, I run a Plex docker. So if Plex's software has, or developed, a bug that allowed exploitation of the runc vulnerability, I could end up riding the proverbial smelly creek without a poop-stick!

19 minutes ago, limetech said:
> That said, I think we will publish 6.6.7 with an update to docker used in that release.

Thank you 🙂 I for one will sleep easier with that decision. Thank you for the support, and once again I am thankful for the responsiveness of this community!

ezhik Posted February 23, 2019

On 2/20/2019 at 1:29 PM, limetech said:
> That didn't have anything to do with docker though, right? That said, I think we will publish 6.6.7 with an update to docker used in that release.

Thank you. 6.6.7 has been released. Upgraded with no issues. Much appreciated.

Koden Posted February 25, 2019

I concur - upgrade successful and most appreciated 👍