mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
update non-events
Signed-off-by: Jess Frazelle <jessfraz@google.com>
This commit is contained in:
parent
e306466569
commit
6837cfc13c
1 changed files with 8 additions and 0 deletions
|
@ -73,6 +73,14 @@ seccomp profile.
|
|||
A bug in eBPF -- the special in-kernel DSL used to express things like seccomp
|
||||
filters -- allowed arbitrary reads of kernel memory. The `bpf()` system call
|
||||
is blocked inside Docker containers using (ironically) seccomp.
|
||||
* [CVE-2016-3134](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3134),
|
||||
[4997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997),
|
||||
[4998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998):
|
||||
A bug in setsockopt with `IPT_SO_SET_REPLACE`, `ARPT_SO_SET_REPLACE`, and
|
||||
`ARPT_SO_SET_REPLACE` causing memory corruption / local privilege escalation.
|
||||
These arguments are blocked by `CAP_NET_ADMIN`, which Docker does not allow by
|
||||
default.
|
||||
|
||||
|
||||
Bugs *not* mitigated:
|
||||
|
||||
|
|
Loading…
Reference in a new issue