Container technology led by the Docker engine has become increasingly popular in recent years, as a way to build and deploy applications into isolated segments, on top of a server operating system. At the core of the modern container technology stack is a low-level component known as runc, which spawns and runs containers. The new CVE-2019-5736 vulnerability is a flaw in runc that could enable a malicious container to escape the confines of its isolated process segment.
eWEEK: A new vulnerability in the core runc container code could potentially enable a malicious container to get access to the host operating system. Major vendors and cloud providers are already pushing out patches, but there are other things users can do to limit risk.