CVE-2016-0761 Docker Image Host Files Corruption
Severity
Critical
Vendor
Cloud Foundry Foundation
Description
Garden-Linux contains a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
Affected VMware Products and Versions
- All Cloud Foundry Garden-Linux versions prior to and including v0.332.0.
- All Elastic Runtime 1.6.x versions prior to 1.6.17.
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry Foundation recommends that all deployments of Garden-Linux are upgraded to v0.333.0 [1].
- Pivotal recommends that all PCF deployments running Elastic Runtime 1.6.x are upgraded to Elastic Runtime 1.6.17 or higher.
Credit
Swisscom / SEC Consult