Aleksa Sarai

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.

**Name of the Vulnerable Software and Affected Versions** Docker versions through 18.06.1-ce-rc2 **Description** The issue is related to a symlink-exchange attack with Directory Traversal in the API endpoints behind the 'docker cp' command, allowing attackers to gain arbitrary read-write access to the host filesystem with root privileges. This is due to the daemon/archive.go not performing archive operations on a frozen filesystem or from within a chroot. The vulnerability can be exploited to elevate privileges and gain read-write access to files. It affects all versions of Docker and remains unpatched, with a proposed patch pending acceptance to implement pausing container operations during filesystem operations. **Recommendations** For Docker versions through 18.06.1-ce-rc2, consider disabling the `daemon/archive.go` component or restricting its use until a patch is available. As a temporary workaround, avoid using the `docker cp` command to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 14.0.0 **Description** The issue concerns a missing state in the software that fails to enforce the use of a second factor at login if the provider of the second factor fails to load. **Recommendations** For versions prior to 14.0.0, update to version 14.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** runc (affected versions not specified) **Description** The issue is related to a flaw in tracking additional container processes using the container's pid 1, which can be exploited to gain access to sensitive data, compromise data integrity, and cause a denial of service. Specifically, the vulnerability allows the main processes of the container, if running as root, to gain access to file-descriptors of new processes during initialization, potentially leading to container escapes or modification of the runC state before the process is fully placed inside the container. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.