Docker: Privilege escalation — GLSA 201612-28

A vulnerability in Docker could lead to the escalation of privileges.

Affected Packages

app-emulation/docker on all architectures
Affected versions < 1.11.0
Unaffected versions >= 1.11.0

Background

Docker is the world’s leading software containerization platform.

Description

Docker does not properly distinguish between numeric UIDs and string usernames.

Impact

Local attackers could possibly escalate their privileges.

Workaround

There is no known workaround at this time.

Resolution

All Docker users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/docker-1.11.0"
 

References

Release Date
December 11, 2016

Latest Revision
December 11, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries