Runc, a building-block project for container technologies like Docker, cri-o, containerd and Kubernetes, has patched a vulnerability. The vulnerability (CVE-2019-5736) “allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host”. An attacker with local access to the affected system can exploit the flaw by convincing users to run malicious or modified containers on their systems. Containers allow applications to be more agile and on-demand
Source: security

