Upstream information

CVE-2016-9962 at MITRE

Description

Race condition in Docker Engine before 1.12.6 might allow local root users in a container to gain privileges by using ptrace to access file-descriptors of a process launched or moved into the container from another namespace, aka an "on-entry vulnerability."

SUSE information

CVSS v2 Scores
  National Vulnerability Database SUSE
Base Score 4.38 4.05
Vector AV:L/AC:M/Au:N/C:P/I:P/A:P AV:L/AC:M/Au:S/C:P/I:P/A:P
Access Vector Local Local
Access Complexity Medium Medium
Authentication None Single
Confidentiality Impact Partial Partial
Integrity Impact Partial Partial
Availability Impact Partial Partial
SUSE Bugzilla entry: 1012568 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Containers 12
  • containerd >= 0.2.5+gitr569_2a5e70c-15.3
  • docker >= 1.12.6-87.2
  • runc >= 0.1.1+gitr2819_50a19c6-15.2
Patchnames:
SUSE-SLE-Module-Containers-12-2017-201
SUSE OpenStack Cloud 6
  • containerd >= 0.2.5+gitr569_2a5e70c-15.3
  • docker >= 1.12.6-87.2
  • runc >= 0.1.1+gitr2819_50a19c6-15.2
Patchnames:
SUSE-OpenStack-Cloud-6-2017-201
openSUSE Leap 42.1
  • containerd >= 0.2.5+gitr569_2a5e70c-10.1
  • containerd-ctr >= 0.2.5+gitr569_2a5e70c-10.1
  • containerd-ctr-debuginfo >= 0.2.5+gitr569_2a5e70c-10.1
  • containerd-debuginfo >= 0.2.5+gitr569_2a5e70c-10.1
  • containerd-debugsource >= 0.2.5+gitr569_2a5e70c-10.1
  • containerd-test >= 0.2.5+gitr569_2a5e70c-10.1
  • docker >= 1.12.6-27.1
  • docker-bash-completion >= 1.12.6-27.1
  • docker-debuginfo >= 1.12.6-27.1
  • docker-debugsource >= 1.12.6-27.1
  • docker-test >= 1.12.6-27.1
  • docker-test-debuginfo >= 1.12.6-27.1
  • docker-zsh-completion >= 1.12.6-27.1
  • runc >= 0.1.1+gitr2819_50a19c6-10.1
  • runc-debuginfo >= 0.1.1+gitr2819_50a19c6-10.1
  • runc-debugsource >= 0.1.1+gitr2819_50a19c6-10.1
  • runc-test >= 0.1.1+gitr2819_50a19c6-10.1
Patchnames:
openSUSE-2017-181
openSUSE Leap 42.2
  • containerd >= 0.2.5+gitr569_2a5e70c-8.1
  • containerd-ctr >= 0.2.5+gitr569_2a5e70c-8.1
  • containerd-ctr-debuginfo >= 0.2.5+gitr569_2a5e70c-8.1
  • containerd-debuginfo >= 0.2.5+gitr569_2a5e70c-8.1
  • containerd-debugsource >= 0.2.5+gitr569_2a5e70c-8.1
  • containerd-test >= 0.2.5+gitr569_2a5e70c-8.1
  • docker >= 1.12.6-25.2
  • docker-bash-completion >= 1.12.6-25.2
  • docker-debuginfo >= 1.12.6-25.2
  • docker-debugsource >= 1.12.6-25.2
  • docker-test >= 1.12.6-25.2
  • docker-test-debuginfo >= 1.12.6-25.2
  • docker-zsh-completion >= 1.12.6-25.2
  • runc >= 0.1.1+gitr2819_50a19c6-8.1
  • runc-debuginfo >= 0.1.1+gitr2819_50a19c6-8.1
  • runc-debugsource >= 0.1.1+gitr2819_50a19c6-8.1
  • runc-test >= 0.1.1+gitr2819_50a19c6-8.1
Patchnames:
openSUSE-2017-181