RancherOS security


Security policy

Rancher Labs supports responsible disclosure, and endeavours to resolve all issues in a reasonable time frame. RancherOS is a minimal Linux distribution, built with entirely using open source components.

Reporting process

Please submit possible security issues by emailing [email protected]

Announcments

Subscribe to the Rancher announcements forum for release updates.

RancherOS Vulnerabilities

ID Description Date Resolution
CVE-2017-6074 Local privilege-escalation using a user after free issue in Datagram Congestion Control Protocol (DCCP). DCCP is built into the RancherOS kernel as a dynamically loaded module, and isn’t loaded by default. 17 Feb 2017 RancherOS v0.8.1 using a patched 4.9.12 Linux kernel
CVE-2017-7184 Allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability. 3 April 2017 RancherOS v0.9.2-rc1 using Linux 4.9.20
CVE-2017-1000364 Linux Kernel is prone to a local memory-corruption vulnerability. Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges 19 June 2017 RancherOS v1.0.3
CVE-2017-1000366 glibc contains a vulnerability that allows manipulation of the heap/stack. Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges 19 June 2017 RancherOS v1.0.3