Skip to content
This repository has been archived by the owner on Apr 12, 2021. It is now read-only.

Commit

Permalink
rkt: add CVEs
Browse files Browse the repository at this point in the history 
https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
  • Loading branch information
@zowoq
zowoq committed Mar 7, 2020
1 parent db4ccde commit c4c936f
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions pkgs/applications/virtualization/rkt/default.nix
View file
Expand Up @@ -69,5 +69,10 @@ in stdenv.mkDerivation rec {
license = licenses.asl20;
maintainers = with maintainers; [ ragge steveej ];
platforms = [ "x86_64-linux" ];
knownVulnerabilities = [
"CVE-2019-10144: processes run with `rkt enter` are given all capabilities during stage 2"
"CVE-2019-10145: processes run with `rkt enter` do not have seccomp filtering during stage 2"
"CVE-2019-10147: processes run with `rkt enter` are not limited by cgroups during stage 2"
];
};
}

0 comments on commit c4c936f

Please sign in to comment.