Maintained with ☕️ by
IcePanel logo
Microsoft Azure logo
Original post

CVE-2019-5736 fix for Azure IoT Edge



Recently, a security vulnerability ([CVE-2019-5736]( "")) was announced in runC, the low-level container runtime that supports Docker and associated container engines. The vulnerability allows a malicious container to escalate privileges on the host machine when a user runs the exec command to execute an operation in a running instance of that container. Microsoft has built a new version of the Moby container runtime (v3.0.4) that includes the Open Container Initiative (OCI) update to address this vulnerability. We highly recommend that you update the container runtime on your IoT Edge device by using the following instructions, as applicable: Linux Debian-based X64 (.deb): 1. Follow the [instructions ]( "")to register to Microsoft key and software repository feed. 2. sudo apt-get update 3. sudo apt-get install moby-engine Linux CentOS-based X64 (.rpm): 1. curl -L\_64-rpm-latest -o moby-engine-3.0.4-centos.x86\_64.rpm 2. sudo yum install -y ./moby-engine-3.0.4-centos.x86\_64.rpm Linux Debian-based ARM32 (for example, Raspberry Pi): 1. curl -L -o moby\_engine.deb 2. sudo dpkg -i ./moby\_engine.deb Please update [Docker Engine (18.09.2 or more recent) ]( you’re testing or developing with Docker instead of the Microsoft-built moby-engine. Windows containers on Windows are not affected. * Azure IoT Edge * Security * [ Azure IoT Edge](