[pkg-go] Bug#853240: runc: CVE-2016-8867
Thorsten Alteholz
debian at alteholz.de
Mon Jan 30 18:51:32 UTC 2017
Package: runc
Severity: important
Tags: security
Hi,
the following vulnerability was published for runc.
CVE-2016-8867[0]:
| Docker Engine 1.12.2 enabled ambient capabilities with misconfigured
| capability policies. This allowed malicious images to bypass user
| permissions to access files within the container filesystem or mounted
| volumes.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-8867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8867
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-go-maintainers
mailing list