Rancher Labs supports responsible disclosure, and endeavours to resolve all issues in a reasonable time frame. RancherOS is a minimal Linux distribution, built with entirely using open source components.
Please submit possible security issues by emailing firstname.lastname@example.org
Subscribe to the Rancher announcements forum for release updates.
|CVE-2017-6074||Local privilege-escalation using a user after free issue in Datagram Congestion Control Protocol (DCCP). DCCP is built into the RancherOS kernel as a dynamically loaded module, and isn’t loaded by default.||17 Feb 2017||RancherOS v0.8.1 using a patched 4.9.12 Linux kernel|
|CVE-2017-7184||Allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability.||3 April 2017||RancherOS v0.9.2-rc1 using Linux 4.9.20|
|CVE-2017-1000364||Linux Kernel is prone to a local memory-corruption vulnerability. Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges||19 June 2017||RancherOS v1.0.3|
|CVE-2017-1000366||glibc contains a vulnerability that allows manipulation of the heap/stack. Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges||19 June 2017||RancherOS v1.0.3|
|CVE-2017-1000405||The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty.||10 Dec 2017||RancherOS v1.1.1|
|CVE-2017-5754||Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.||5 Jan 2018||RancherOS v1.1.3 using Linux v4.9.75|
|CVE-2017-5715||Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis||6 Feb 2018||RancherOS v1.1.4 using Linux v4.9.78 with the Retpoline support|