Selaa lähdekoodia

Merge pull request #25020 from jfrazelle/update-non-events

update security non-events
Sebastiaan van Stijn 9 vuotta sitten
vanhempi
commit
14664beda9
1 muutettua tiedostoa jossa 8 lisäystä ja 0 poistoa
  1. 8 0
      docs/security/non-events.md

+ 8 - 0
docs/security/non-events.md

@@ -73,6 +73,14 @@ seccomp profile.
 A bug in eBPF -- the special in-kernel DSL used to express things like seccomp
 filters -- allowed arbitrary reads of kernel memory. The `bpf()` system call
 is blocked inside Docker containers using (ironically) seccomp.
+* [CVE-2016-3134](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3134),
+[4997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997),
+[4998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998):
+A bug in setsockopt with `IPT_SO_SET_REPLACE`, `ARPT_SO_SET_REPLACE`,  and
+`ARPT_SO_SET_REPLACE` causing memory corruption / local privilege escalation.
+These arguments are blocked by `CAP_NET_ADMIN`, which Docker does not allow by
+default.
+
 
 Bugs *not* mitigated: