Amazon Linux AMI Security Advisory: ALAS-2019-1156
Advisory Release Date: 2019-02-08 22:28 Pacific
Advisory Updated Date: 2019-02-11 16:26 Pacific
A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed by creating a per-container copy of runc. (CVE-2019-5736)
Run yum update docker to update your system.