• Blog
  • Docker security upgrade [CVE-2019-5736]
Docker security upgrade [CVE-2019-5736]

February 20, 2019

Docker security upgrade [CVE-2019-5736]

With the release v2.2.3, we have raised the Docker services to v18.09.2.

The update fixes the recently detected privilege escalation vulnerability, which allowed attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within new and existing containers.

We strongly advise Enterprise users to update Docker and docker-compose on their machine. The upgrade is required to download Buddy v2.2.3.
Cloud users don't have to do anything as the issue has already been addressed in the release.
You can read more about the issue and best practices on securing Docker images on the official Docker blog.


Alexander Kus

Alexander Kus

Customer Success Manager

A story-teller and conversation-lover, Alexander decided to invest his skills to help his friends at Buddy transform the cold language of patch notes into exciting narratives. Also: an avid gamer, hip-hop DJ, Liverpool FC fan, absentminded husband, and the father of two.