Overview
On Wednesday, January 31, 2024, the Snyk Security Labs team published an advisory about high-severity vulnerabilities in the runc command line utility and Docker components.
Docker and runc are common parts of hosted and cloud services infrastructure that run specific workloads in isolated environments, also referred to as “containers”. The vulnerabilities could allow a crafted malicious container image to escape its container and gain code execution on the underlying host operating system. The impact is greatest where containers are provided by an external, untrusted entity, because an escape could enable privileged host-level access to the underlying Docker host.
Due to the nature of this vulnerability, it is unlikely that any Sophos products will be impacted.
Patches for Docker and runc
According to the official Docker security advisory, the fixes are included in the following versions:
Component | Patched versions |
---|---|
runc | >= 1.1.12 |
BuildKit | >= 0.12.5 |
Moby (Docker Engine) | >= 25.0.2 and >= 24.0.9 |
Docker Desktop | >= 4.27.1 |
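The script below is an added example, not code from Sophos, Docker or Snyk: it checks version strings against the minimums in the table above. The component keys (`runc`, `buildkit`, `moby`, `docker-desktop`) are hypothetical labels, the sample inventory is constructed, and the Moby row is read as two release lines (24.0.x fixed in 24.0.9, 25.x fixed in 25.0.2), which is an assumption.

```shell
#!/bin/sh
# Added example: compare component versions against the patched minimums
# listed in the table above. Component keys are hypothetical labels.
# Assumes a sort(1) that supports -V (version sort), e.g. GNU coreutils.

# ver_ge A B: succeed when version A >= version B.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# is_patched COMPONENT VERSION: 0 = patched, 1 = below the fix, 2 = unknown.
is_patched() {
    v=${2#v}            # drop a leading "v" (v1.1.12)
    v=${v%%[-+~]*}      # drop build/package suffixes (24.0.9-1, 1.1.12+ds1)
    case $1 in
        runc)           ver_ge "$v" 1.1.12 ;;
        buildkit)       ver_ge "$v" 0.12.5 ;;
        docker-desktop) ver_ge "$v" 4.27.1 ;;
        moby)
            # Two fixed release lines: 25.0.0 and 25.0.1 sort above 24.0.9
            # but predate the 25.x fix, so each line needs its own floor.
            if ver_ge "$v" 25.0.0; then ver_ge "$v" 25.0.2
            else ver_ge "$v" 24.0.9; fi ;;
        *) return 2 ;;
    esac
}

# Constructed sample inventory (not real hosts). On a live host the values
# would come from `runc --version` and
# `docker version --format '{{.Server.Version}}'`.
while read -r comp ver; do
    if is_patched "$comp" "$ver"; then state=patched; else state=NEEDS-UPDATE; fi
    printf '%-15s %-12s %s\n' "$comp" "$ver" "$state"
done <<'EOF'
runc 1.1.11
runc v1.1.12
buildkit 0.12.5
moby 24.0.9-1
moby 25.0.1
moby 25.0.2
docker-desktop 4.26.0
EOF
```

A distribution package can carry a backported fix under an older upstream version number, so a below-minimum result is a prompt to check the package changelog rather than proof of exposure.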
What Sophos products are affected?
The following products have been reviewed against the Leaky Vessels vulnerabilities.
Product or Service | Status | Description |
---|---|---|
Cloud Optix | Not affected | Vulnerable code cannot be controlled by adversary |
SG UTM (all versions) | Not affected | Component not present |
Sophos Central | Not affected | Vulnerable code cannot be controlled by adversary |
Sophos Endpoint protection (Windows) | Not affected | Component not present |
Sophos Endpoint protection (macOS) | Not affected | Component not present |
Sophos Endpoint protection (Linux) | Not affected | Component not present |
Sophos Email | Not affected | Vulnerable code cannot be controlled by adversary |
Sophos Firewall (all versions) | Not affected | Component not present |
SophosConnect client | Not affected | Component not present |
Sophos Home (macOS) | Not affected | Component not present |
Sophos Mobile | Not affected | Vulnerable code cannot be controlled by adversary |
Sophos Mobile EAS Proxy | Not affected | Component not present |
Sophos Mobile Control app (iOS + Android) | Not affected | Component not present |
Sophos Intercept X for Mobile app (iOS + Android) | Not affected | Component not present |
Sophos Chrome Security | Not affected | Component not present |
Sophos PhishThreat | Not affected | Vulnerable code cannot be controlled by adversary |
Sophos RED | Not affected | Component not present |
Sophos AP/APX | Not affected | Component not present |
SophosLabs Intelix | Not affected | Vulnerable code cannot be controlled by adversary |
Sophos Secure Access Service Edge (SASE) | Not affected | Component not present |
Sophos SASI (AntiSpam) | Not affected | Component not present |
SUSI | Not affected | Component not present |
AV Engine (all platforms) | Not affected | Component not present |