Alpine Docker images shipped with an empty root password

Security researchers from Cisco have disclosed details of a vulnerability (CVE-2019-5021) in builds of the Alpine distribution for the Docker container isolation system. The essence of the problem is that the root user was given an empty password by default, without direct login as root being blocked. Recall that Alpine is used to build the official images from the Docker project (the official builds were previously based on Ubuntu, but were later moved to Alpine).

The problem has been present since the Alpine Docker 3.3 build and was caused by a regression introduced in 2015 (before version 3.3, /etc/shadow contained the line "root:!::0:::::", and after the "-d" flag was deprecated the line "root:::0:::::" began to be added instead). The problem was originally identified and fixed in November 2015, but in December it mistakenly resurfaced in the build files of the experimental branch and was then carried over into the stable builds.

The vulnerability report notes that the problem also appears in the latest Alpine Docker 3.9 branch. The Alpine developers released a patch in March, and the vulnerability no longer appears starting with builds 3.9.2, 3.8.4, 3.7.3 and 3.6.5, but it remains in the old 3.4.x and 3.5.x branches, which are no longer supported. In addition, the developers state that the attack vector is very limited and requires the attacker to have access to the same infrastructure.
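The empty password field in /etc/shadow described above can be checked for directly, whatever the image version. The script below is an added example, not code from the article or from the Alpine or Docker projects; the function names and the two sample files (one locked root entry, one empty-password root entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shadow(5) file for passwordless accounts.

# Print "empty", "locked" or "hash" for one shadow password field.
classify_pw_field() {
    case "$1" in
        '')        echo empty ;;   # login needs no password (the reported condition)
        '!'*|'*'*) echo locked ;;  # not a valid hash: password login is blocked
        *)         echo hash ;;    # a password hash is set
    esac
}

# Print "<user> <status>" per entry; return 1 if any entry is passwordless.
audit_shadow() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *:*) ;;            # looks like a shadow entry
            *)   continue ;;   # blank or malformed line: skip it
        esac
        user=${line%%:*}       # field 1: login name
        rest=${line#*:}        # everything after the first colon
        status=$(classify_pw_field "${rest%%:*}")   # field 2: password
        printf '%s %s\n' "$user" "$status"
        if [ "$status" = empty ]; then found=1; fi
    done < "$1"
    return "$found"
}

# Constructed sample files (not taken from a real image).
sample_dir=$(mktemp -d)
printf 'root:!::0:::::\nbin:!::0:::::\n' > "$sample_dir/shadow.locked"
printf 'root:::0:::::\nbin:!::0:::::\n'  > "$sample_dir/shadow.empty"

for f in "$sample_dir/shadow.locked" "$sample_dir/shadow.empty"; do
    if audit_shadow "$f"; then
        echo "$f: no passwordless accounts"
    else
        echo "$f: passwordless account present"
    fi
done
```

Pointing `audit_shadow` at the /etc/shadow of an extracted image filesystem checks the actual state of the image, which matters for the unsupported 3.4.x and 3.5.x branches that received no fix.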

source: budenet.ru
