Subscribe to our blog

About the February 2019 Cri-O / RunC / Docker vulnerability

February 13, 2019John Goulding
Security 

Tags:Topics

What OpenShift Online and OpenShift Dedicated customers should know about the recently announced vulnerability of runc/docker/CRI-O

On February 11th, 2019, details of a vulnerability that researchers have confirmed is present on certain versions of runc (impacting docker and CRI-O) was published.  These tools are deployed as part of the OpenShift product and impact the Red Hat OpenShift hosted properties.

OpenShift Online

The Starter and Pro tiers are affected by the vulnerability, but known exploits are mitigated by the SELinux configuration deployed on cluster nodes.  As soon as the patched runc, docker, and/or CRI-O code is available, the SRE team will update the cluster infrastructure.

OpenShift Dedicated

The OSD environment is also affected by the vulnerability, but known exploits are mitigated by the SELinux configuration deployed to cluster nodes.  The SRE team will update the cluster infrastructure as soon as the patched runc and docker code is available. OSD customers will be communicated to separately regarding cluster remediation.

Additional Reading

CVE details: https://access.redhat.com/security/cve/cve-2019-5736

Public announcement: https://seclists.org/oss-sec/2019/q1/119

About the author

John Goulding

UI_Icon-Red_Hat-Close-A-Black-RGB

More like this

Blog post

4 use cases for AI in cyber security

Blog post

Learn about trends and best practices from top security experts at Red Hat and NIST's Cybersecurity Open Forum

Original shows

Technically Speaking | Episode 22 | A new software supply chain security recipe

Original shows

Technically Speaking | Episode 18 | WebAssembly breaks away from the browser

Browse by channel

Explore all channels
automation icon

Automation

The latest on IT automation that spans tech, teams, and environments
AI icon

Artificial intelligence

Explore the platforms and partners building a faster path for AI
open hybrid cloud icon

Open hybrid cloud

Explore how we build a more flexible future with hybrid cloud
security icon

Security

Explore how we reduce risks across environments and technologies
edge icon

Edge computing

Updates on the solutions that simplify infrastructure at the edge
Infrastructure icon

Infrastructure

Stay up to date on the world’s leading enterprise Linux platform
application development icon

Applications

The latest on our solutions to the toughest application challenges
Original series icon

Original shows

Entertaining stories from the makers and leaders in enterprise tech