Source: rkt
Version: 1.30.0+dfsg-7
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/rkt/rkt/issues/3998

Hi,

The following vulnerabilities were published for rkt.

CVE-2019-10144[0]:
rkt: processes run with `rkt enter` are given all capabilities during stage 2

CVE-2019-10145[1]:
processes run with rkt enter do not have seccomp filtering during stage 2

CVE-2019-10147[2]:
processes run with rkt enter are not limited by cgroups during stage 2

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10144
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10144
[1] https://security-tracker.debian.org/tracker/CVE-2019-10145
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10145
[2] https://security-tracker.debian.org/tracker/CVE-2019-10147
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10147
[3] https://github.com/rkt/rkt/issues/3998
[4] https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/

Regards,
Salvatore
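
An added example, not part of the original report or of rkt's code: a check that compares the /proc status and cgroup membership of a process started with `rkt enter` against the pod's app process and flags the three conditions the CVEs above describe. The sample /proc text, the cgroup paths and all function names are constructed for illustration; the cgroup comparison is a heuristic that assumes the entered process should share the app's cgroups.

```python
import sys

# Constructed samples in /proc/<pid>/status and /proc/<pid>/cgroup format.
APP_STATUS = "Name:\tapp\nCapEff:\t00000000a80425fb\nSeccomp:\t2\n"
APP_CGROUP = "4:memory:/machine.slice/pod-example/app\n3:cpu,cpuacct:/machine.slice/pod-example/app\n"
ENTER_STATUS = "Name:\tsh\nCapEff:\t0000003fffffffff\nSeccomp:\t0\n"
ENTER_CGROUP = "4:memory:/\n3:cpu,cpuacct:/\n"

def parse_status(text):
    """Return (effective capability mask, seccomp mode) from status text."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    return int(fields["CapEff"].strip(), 16), int(fields["Seccomp"].strip())

def parse_cgroup(text):
    """Map each controller list to its cgroup path."""
    out = {}
    for line in text.splitlines():
        parts = line.split(":", 2)  # hierarchy-ID:controller-list:path
        if len(parts) == 3:
            out[parts[1]] = parts[2]
    return out

def compare(app, entered):
    """app/entered are (status_text, cgroup_text); return (CVE id, detail) findings."""
    findings = []
    app_caps, app_sec = parse_status(app[0])
    ent_caps, ent_sec = parse_status(entered[0])
    extra = ent_caps & ~app_caps  # capability bits the app itself does not hold
    if extra:
        findings.append(("CVE-2019-10144", "extra capability bits 0x%x" % extra))
    if app_sec != 0 and ent_sec == 0:  # 0 = no seccomp, 2 = filter mode
        findings.append(("CVE-2019-10145", "seccomp mode 0 (app has %d)" % app_sec))
    app_cg, ent_cg = parse_cgroup(app[1]), parse_cgroup(entered[1])
    moved = sorted(c for c in app_cg if ent_cg.get(c) != app_cg[c])
    if moved:
        findings.append(("CVE-2019-10147", "outside app cgroup for: " + ", ".join(moved)))
    return findings

def read_pid(pid):
    """Read the live status and cgroup text for a PID on this host."""
    with open(f"/proc/{pid}/status") as s, open(f"/proc/{pid}/cgroup") as c:
        return s.read(), c.read()

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <app-pid> <entered-pid>
        pair = read_pid(sys.argv[1]), read_pid(sys.argv[2])
    else:
        pair = (APP_STATUS, APP_CGROUP), (ENTER_STATUS, ENTER_CGROUP)
    for cve, msg in compare(*pair):
        print(cve, msg)
```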
