A flaw, CVE-2019-5736, has been found in runc, a lightweight tool for spawning and running containers. The flaw could be exploited by a remote attacker to execute arbitrary code in the environment. The knock-on effects resulting from this vulnerability and anyone who successfully exploits it could be severe, writes Scott McCarty, Red Hat’s technical product manager for the container subsystem team. Amazon says most administrators don’t need to take any action, with the exception of users of 11 specific Amazon Web Services offerings.”]
Source: https://www.bankinfosecurity.com/major-flaw-found-in-open-source-container-runtime-a-12019