module: github.com/opencontainers/runc
package: github.com/opencontainers/runc/libcontainer/user
versions:
- fixed: v0.1.0
description: |
  GetExecUser in the github.com/opencontainers/runc/libcontainer/user package will
  improperly interpret numeric UIDs as usernames. If the method is used without
  verifying that usernames are formatted as expected, it may allow a user to
  gain unexpected privileges.
cves:
- CVE-2016-3697
symbols:
- GetExecUser
derived_symbols:
- GetExecUserPath
links:
  pr: https://github.com/opencontainers/runc/pull/708
  commit: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
  context:
  - https://github.com/docker/docker/issues/21436
  - http://rhn.redhat.com/errata/RHSA-2016-1034.html
  - http://rhn.redhat.com/errata/RHSA-2016-2634.html
  - https://security.gentoo.org/glsa/201612-28