Test ID:	1.3.6.1.4.1.25623.1.0.876767
Category:	Fedora Local Security Checks
Title:	Fedora Update for lxcfs FEDORA-2019-c1dac1b3b8
Summary:	The remote host is missing an update for the 'lxcfs'; package(s) announced via the FEDORA-2019-c1dac1b3b8 advisory.
Description:	Summary: The remote host is missing an update for the 'lxcfs' package(s) announced via the FEDORA-2019-c1dac1b3b8 advisory. Vulnerability Insight: LXCFS is a simple userspace filesystem designed to work around some current limitations of the Linux kernel. Specifically, it', s providing two main things - A set of files which can be bind-mounted over their /proc originals to provide CGroup-aware values. - A cgroupfs-like tree which is container aware. The code is pretty simple, written in C using libfuse. The main driver for this work was the need to run systemd based containers as a regular unprivileged user while still allowing systemd inside the container to interact with cgroups. Now with the introduction of the cgroup namespace in the Linux kernel, that part is no longer necessary on recent kernels and focus is now on making containers feel more like a real independent system through the proc masking feature. Affected Software/OS: 'lxcfs' package(s) on Fedora 29. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-5736 BugTraq ID: 106976 http://www.securityfocus.com/bid/106976 Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc https://www.exploit-db.com/exploits/46359/ https://www.exploit-db.com/exploits/46369/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/ https://security.gentoo.org/glsa/202003-21 http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html https://access.redhat.com/security/cve/cve-2019-5736 https://access.redhat.com/security/vulnerabilities/runcescape https://aws.amazon.com/security/security-bulletins/AWS-2019-002/ https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/ https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/ https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html https://brauner.github.io/2019/02/12/privileged-containers.html https://bugzilla.suse.com/show_bug.cgi?id=1121967 https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc https://github.com/Frichetten/CVE-2019-5736-PoC https://github.com/docker/docker-ce/releases/tag/v18.09.2 https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d https://github.com/q3k/cve-2019-5736-poc https://github.com/rancher/runc-cve https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ https://www.openwall.com/lists/oss-security/2019/02/11/2 https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/ https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E http://www.openwall.com/lists/oss-security/2019/03/23/1 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.openwall.com/lists/oss-security/2019/10/24/1 http://www.openwall.com/lists/oss-security/2019/10/29/3 http://www.openwall.com/lists/oss-security/2024/02/01/1 http://www.openwall.com/lists/oss-security/2024/01/31/6 http://www.openwall.com/lists/oss-security/2024/02/02/3 RedHat Security Advisories: RHSA-2019:0303 https://access.redhat.com/errata/RHSA-2019:0303 RedHat Security Advisories: RHSA-2019:0304 https://access.redhat.com/errata/RHSA-2019:0304 RedHat Security Advisories: RHSA-2019:0401 https://access.redhat.com/errata/RHSA-2019:0401 RedHat Security Advisories: RHSA-2019:0408 https://access.redhat.com/errata/RHSA-2019:0408 RedHat Security Advisories: RHSA-2019:0975 https://access.redhat.com/errata/RHSA-2019:0975 SuSE Security Announcement: openSUSE-SU-2019:1079 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html SuSE Security Announcement: openSUSE-SU-2019:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html SuSE Security Announcement: openSUSE-SU-2019:1275 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html SuSE Security Announcement: openSUSE-SU-2019:1444 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html SuSE Security Announcement: openSUSE-SU-2019:1481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html SuSE Security Announcement: openSUSE-SU-2019:1499 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:1506 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html SuSE Security Announcement: openSUSE-SU-2019:2021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html SuSE Security Announcement: openSUSE-SU-2019:2245 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html SuSE Security Announcement: openSUSE-SU-2019:2286 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html https://usn.ubuntu.com/4048-1/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.