cyberITcafe

spotlight with Rich (Latayan360@Outlook.com) - espresso to Security Business Leadership - splash of key note speaker @CISOmd

Saturday, February 16, 2019

RunC Container Runtime Security Flaw Targets Kubernetes, Docker

Container runtime RunC fro Docker,Kubernetes and other container dependent programs is exploitable via attacker gaining access to the host. The open-source command-line tool is used for spawning and running containers. CVE-2019-5736

Now being reported in some Azure and AWS environments...

https://content.pivotal.io/blog/runc-vulnerability-secure-by-default-platform

https://www.bleepingcomputer.com/news/security/runc-vulnerability-gives-attackers-root-access-on-docker-kubernetes-hosts/

https://www.zdnet.com/article/doomsday-docker-security-hole-uncovered/

https://www.crn.com/news/security/new-security-flaw-targets-kubernetes-docker-runc-container-runtime

https://www.openwall.com/lists/oss-security/2019/02/11/2

on February 16, 2019

Email This BlogThis!Share to X Share to Facebook Share to Pinterest

No comments:

Post a Comment

Newer Post Older Post Home

Subscribe to: Post Comments (Atom)

Links

TWEETS - Follow the Data
Co-Chair Evanta Florida CISO
Speaker HMG Strategy
Speaker - IDC | CIO | CSO
SecureWorld Phishing Moderator
4th Annual Cyber Risk Panelist
Cyber Threat Count

Search This Blog

Promote and Protect

Cyberitcafe

View my complete profile

Blog Archive

► 2025 (1)
- ► January (1)

► 2024 (28)
- ► December (8)
- ► November (3)
- ► October (4)
- ► September (3)
- ► August (7)
- ► July (3)

► 2021 (4)
- ► May (1)
- ► February (1)
- ► January (2)

► 2020 (9)
- ► December (4)
- ► November (2)
- ► April (1)
- ► March (1)
- ► February (1)

▼ 2019 (4)
- ► December (1)
- ► April (1)
- ▼ February (1)
  - RunC Container Runtime Security Flaw Targets Kuber...
- ► January (1)

► 2018 (8)
- ► December (1)
- ► November (1)
- ► September (1)
- ► August (1)
- ► July (1)
- ► June (2)
- ► January (1)

► 2017 (23)
- ► December (1)
- ► November (2)
- ► October (1)
- ► September (3)
- ► August (2)
- ► July (1)
- ► May (1)
- ► April (1)
- ► March (2)
- ► February (6)
- ► January (3)

► 2016 (58)
- ► December (5)
- ► October (1)
- ► September (1)
- ► August (1)
- ► July (1)
- ► June (3)
- ► May (8)
- ► April (4)
- ► March (11)
- ► February (7)
- ► January (16)

► 2015 (66)
- ► December (15)
- ► November (23)
- ► October (21)
- ► September (7)

► 2009 (30)
- ► November (1)
- ► October (1)
- ► September (1)
- ► August (1)
- ► July (2)
- ► June (6)
- ► May (11)
- ► April (7)

Report Abuse

Subscribe To

Posts

Posts

Comments

Comments

Home

Blogging to Thought Leadership: 15 Yrs of Reflection

Popular Posts

Synopsis of IIA’s Managers Forum on IT Security

With good presenters and maybe over half of the 70+ registered in attendance, the focus centered on cyber security, CEO/executive concerns o...
Cloud Computing security

Systems were once considered secure yet no matter how secure you think you are one day, it gets less secure each day (with new vulnerabilit...
Refreshing Breach Notification - Legislation

About 33 states in 2015 introduced bill updates / addendums for security breach notifications to include reporting to attorney general or si...

Simple theme. Powered by Blogger.