
Double-Free (CVE-2017-6074) and Security Bypass (CVE-2016-8867) Vulnerabilities Updated in Linux Kernel

The Double-Free vulnerability in the Linux kernel, as reported in CVE-2017-6074, has been patched in CoreOS Container Linux. This vulnerability could allow a local user to escalate to root privileges.

The Security Bypass vulnerability, a design error found in Docker 1.12.2 and reported in CVE-2016-8867, has also been patched in Container Linux. This vulnerability could allow malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

Additionally, this update corrects an error that reintroduced the runc exec vulnerability (CVE-2016-9962) into recent releases.

These updates are currently rolling out to the Alpha (v1325.1.0), Beta (v1298.4.0) and Stable (v1235.12.0) Container Linux channels. If automatic updates are enabled (the default configuration), your server should be patched within the next several hours (if it hasn’t already received the update).

If automatic updates are disabled, you can force an update by running update_engine_client -check_for_update.
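For operators who want to confirm a host actually carries the fixed build rather than waiting on the update timer, the following POSIX shell script is an added example (it is not part of this advisory and not a CoreOS tool). It reads the running version from /etc/os-release and the channel from the GROUP line of /etc/coreos/update.conf (falling back to /usr/share/coreos/update.conf), compares it against the fixed versions named above, and only when the host is behind invokes update_engine_client -check_for_update. The sample os-release and update.conf contents at the top are constructed so the script can be tried on a machine that is not running Container Linux.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether a Container Linux host
# already runs the build that carries the CVE-2017-6074 / CVE-2016-8867 fixes
# for its channel, and trigger an update check if it does not.
# Assumptions: VERSION= in /etc/os-release is the build number, GROUP= in
# update.conf is the channel, and the fixed versions are those in the advisory.

# Constructed sample inputs (not captured from a real host) used when the
# script runs somewhere without the real files.
SAMPLE_OS_RELEASE='NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1235.9.0
VERSION_ID=1235.9.0'
SAMPLE_UPDATE_CONF='GROUP=stable'

# Minimum fixed build for a channel, as listed in the advisory.
fixed_version_for() {
    case "$1" in
        alpha)  echo "1325.1.0" ;;
        beta)   echo "1298.4.0" ;;
        stable) echo "1235.12.0" ;;
        *)      return 1 ;;
    esac
}

# version_ge A B: succeeds when dotted numeric version A >= B.
# Compared field by field so that 1235.12.0 is newer than 1235.9.0
# (a plain string compare would get this wrong).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        [ "$a" = "$ah" ] && a='' || a=${a#*.}
        [ "$b" = "$bh" ] && b='' || b=${b#*.}
        ah=${ah:-0}; bh=${bh:-0}
        if [ "$ah" -gt "$bh" ]; then return 0; fi
        if [ "$ah" -lt "$bh" ]; then return 1; fi
    done
    return 0
}

# patch_status OS_RELEASE_TEXT UPDATE_CONF_TEXT
# Prints "patched", "unpatched", or "unknown" (channel not in the advisory).
patch_status() {
    version=$(printf '%s\n' "$1" | sed -n 's/^VERSION=//p' | tr -d '"')
    group=$(printf '%s\n' "$2" | sed -n 's/^GROUP=//p' | tr -d '"')
    fixed=$(fixed_version_for "$group") || { echo unknown; return 0; }
    if version_ge "$version" "$fixed"; then echo patched; else echo unpatched; fi
}

main() {
    if [ -r /etc/os-release ]; then
        os_release=$(cat /etc/os-release)
        conf=$( { cat /etc/coreos/update.conf || cat /usr/share/coreos/update.conf; } 2>/dev/null || true)
    else
        echo "no /etc/os-release found; using the constructed sample data" >&2
        os_release=$SAMPLE_OS_RELEASE
        conf=$SAMPLE_UPDATE_CONF
    fi

    status=$(patch_status "$os_release" "$conf")
    echo "patch status: $status"

    # Only ask update_engine to fetch when the host is demonstrably behind
    # and the client is actually present on this machine.
    if [ "$status" = unpatched ]; then
        if command -v update_engine_client >/dev/null 2>&1; then
            update_engine_client -check_for_update
        else
            echo "run: update_engine_client -check_for_update" >&2
        fi
    fi
}

main "$@"
```

A status of "unknown" means the GROUP value is not one of the three channels the advisory covers (for example a custom update group), so the script deliberately does nothing rather than guess a target version.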

If you have any questions, you can easily reach us in IRC freenode/#coreos or our community channels.