20 February 2019

Docker security upgrade [CVE-2019-5736]

With release v2.2.3, we have upgraded the Docker services to v18.09.2.

The update fixes the recently discovered privilege escalation vulnerability, which allowed an attacker able to execute a command as root within a new or existing container to overwrite the host runc binary and consequently obtain root access on the host.

We strongly advise Enterprise users to update Docker and docker-compose on their machines. The upgrade is required to download Buddy v2.2.3.

Cloud users don’t have to do anything as the issue has already been addressed in the release.

You can read more about the issue and best practices on securing Docker images on the official Docker blog.