RancherOS Security Advisory: [CVE-2017-1000364 and CVE-2017-1000366]

Two recent security vulnerabilities affect RancherOS versions 1.0.2 and prior. The first is in the Linux kernel: it allows local memory to be corrupted, which enables an escalation of privileges. The second affects applications compiled with the GNU glibc library. It also allows local memory corruption, which an attacker can use to execute arbitrary code in the context of the application.

What is affected:

Linux Kernel CVE-2017-1000364 Local Memory Corruption Vulnerability

Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions.

Linux Kernel 4.11.5 and prior versions are vulnerable.

GNU glibc CVE-2017-1000366 Local Memory Corruption Vulnerability

An attacker could exploit this issue to execute arbitrary code in the context of the application.

GNU glibc 2.25 and prior versions are vulnerable.

A fix is available in RancherOS 1.0.3, which is available now.
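
To triage a host against the version ranges above, the following added example (not Rancher's own tooling) compares a kernel, glibc or RancherOS version string with the last affected version named in this advisory. The function names and the `--host` switch are hypothetical. A version match is a first-pass signal only, since a vendor kernel or glibc build may carry a backported fix.

```sh
#!/bin/sh
# Added example. Thresholds are the "and prior" versions stated in the advisory.
KERNEL_LAST_VULN="4.11.5"
GLIBC_LAST_VULN="2.25"
ROS_LAST_VULN="1.0.2"

# numeric_part: "v1.0.3-rc1" -> "1.0.3", "4.9.30-rancher" -> "4.9.30"
numeric_part() {
    printf '%s\n' "$1" | sed -e 's/^[vV]//' -e 's/^\([0-9][0-9.]*\).*/\1/' -e 's/\.$//'
}

# version_le A B: 0 if A <= B, 1 if A > B, 2 if either cannot be parsed.
# Fields are compared as numbers, so 4.9.30 sorts below 4.11.5.
version_le() {
    a=$(numeric_part "$1"); b=$(numeric_part "$2")
    for v in "$a" "$b"; do
        case $v in ''|*[!0-9.]*) return 2 ;; esac
    done
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}; x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
        case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 0
}

# status LABEL VERSION LAST_VULN: returns 1 if affected, 0 if newer, 2 if unknown.
status() {
    st=0; version_le "$2" "$3" || st=$?
    case $st in
        0) echo "$1 $2: in the affected range (<= $3)"; return 1 ;;
        1) echo "$1 $2: newer than the last affected version $3"; return 0 ;;
        *) echo "$1 '$2': could not parse version"; return 2 ;;
    esac
}

# check_host [ROS_VERSION]: checks the running kernel and the glibc visible to
# this shell; the RancherOS version is passed in by the operator (assumption).
check_host() {
    hrc=0
    status "kernel" "$(uname -r)" "$KERNEL_LAST_VULN" || hrc=1
    status "glibc" "$(getconf GNU_LIBC_VERSION 2>/dev/null | sed 's/^glibc //')" "$GLIBC_LAST_VULN" || hrc=1
    [ -z "${1:-}" ] || status "RancherOS" "$1" "$ROS_LAST_VULN" || hrc=1
    return "$hrc"
}

if [ "${1:-}" = "--host" ]; then check_host "${2:-}"; fi
```

Run it as `sh check.sh --host v1.0.2` (file name is a placeholder); a non-zero exit status means at least one component is in an affected range or could not be identified.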