CVE-2016-6349

NameCVE-2016-6349
DescriptionThe machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

NOT-FOR-US: oci-register-machine
https://www.openwall.com/lists/oss-security/2016/07/26/5
Requirement is that docker containers would register themselves to
to systemd-machined by oci-register-machine (not packaged in Debian,
and https://github.com/projectatomic/docker/commit/a307e90141ba31b378bc31bb7720ed141f47cd9b
not applied to docker.io).
https://github.com/systemd/systemd/issues/3815
The problem as well only arises with docker fork in RedHat, not with upstream docker
https://github.com/projectatomic/oci-register-machine/pull/22

Search for package or bug name: Reporting problems