This bug was fixed in the package runc - 1.0.0~rc2+docker1.12.6-0ubuntu1~16.04.1

---------------
runc (1.0.0~rc2+docker1.12.6-0ubuntu1~16.04.1) xenial; urgency=medium

  * Backport to Xenial. (LP: #1675288)

 -- Michael Hudson-Doyle <michael.hud...@ubuntu.com>  Tue, 28 Mar 2017 13:49:34 +1300

** Changed in: runc (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1675288

Title:
  security fix to runc in docker-1.12.3 wasn't picked

Status in runc package in Ubuntu:
  Fix Released
Status in runc source package in Xenial:
  Fix Released
Status in runc source package in Yakkety:
  Fix Committed

Bug description:
  [Impact]

  https://github.com/docker/docker/issues/27590#issuecomment-255241013

  The steps are very clear, it's very easy to recur, so I don't repeat here.

  The CVE link:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8867

  [Test case]

  $ tmp=$(mktemp -d)
  $ cd $tmp
  $ cat > Dockerfile << EOF
  FROM debian
  RUN useradd example
  RUN id
  USER example
  RUN id
  RUN cat /etc/shadow
  CMD /bin/bash
  EOF
  $ docker build --no-cache -t example .

  The 'cat /etc/shadow' in the Dockerfile should fail.

  [Regression potential]

  We're fixing this by moving to the exact commit of runc the docker
  1.12.6 release expects, so there shouldn't be any issues.

  In addition https://wiki.ubuntu.com/DockerUpdates applies.