Apache · Apache Mesos · CVE-2019-0204
Name of the Vulnerable Software and Affected Versions:
Apache Mesos versions prior to 1.4.x
Apache Mesos versions 1.4.0 through 1.4.2
Apache Mesos versions 1.5.0 through 1.5.2
Apache Mesos versions 1.6.0 through 1.6.1
Apache Mesos versions 1.7.0 through 1.7.1
Description:
A malicious actor can gain root-level code execution on the host by overwriting the init helper binary of the container runtime and/or the command executor in Apache Mesos using a specifically crafted Docker image running under the root user.
Recommendations:
For versions prior to 1.4.x, update to a version newer than 1.4.x.
For versions 1.4.0 through 1.4.2, update to a version newer than 1.4.2.
For versions 1.5.0 through 1.5.2, update to a version newer than 1.5.2.
For versions 1.6.0 through 1.6.1, update to a version newer than 1.6.1.
For versions 1.7.0 through 1.7.1, update to a version newer than 1.7.1.