Launchpad.net

CVE 2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

Related bugs and status

CVE-2016-9962 (Candidate) is related to these bugs:

Bug #1655906: Please upgrade docker.io to latest 1.12.6

		In	Importance	Status
1655906	Please upgrade docker.io to latest 1.12.6	docker.io (Ubuntu)	High	Fix Released
1655906	Please upgrade docker.io to latest 1.12.6	runc (Ubuntu)	Undecided	Fix Released
1655906	Please upgrade docker.io to latest 1.12.6	containerd (Ubuntu)	Undecided	Fix Released
1655906	Please upgrade docker.io to latest 1.12.6	containerd (Ubuntu Xenial)	Undecided	Fix Released
1655906	Please upgrade docker.io to latest 1.12.6	docker.io (Ubuntu Xenial)	Undecided	Fix Released
1655906	Please upgrade docker.io to latest 1.12.6	runc (Ubuntu Xenial)	Undecided	Fix Released
1655906	Please upgrade docker.io to latest 1.12.6	containerd (Ubuntu Yakkety)	Undecided	Fix Released
1655906	Please upgrade docker.io to latest 1.12.6	docker.io (Ubuntu Yakkety)	Undecided	Fix Released
1655906	Please upgrade docker.io to latest 1.12.6	runc (Ubuntu Yakkety)	Undecided	Fix Released

Bug #1817336: [MIR] runc

Summary				In	Importance	Status
	1817336	[MIR] runc		runc (Ubuntu)	Undecided	Fix Released
	1817336	[MIR] runc		runc-app (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-9962

Related bugs and status

Related bugs

References