What is CVE-2019-0204?

CVE-2019-0204 is a vulnerability in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1 that allows a malicious actor to gain root access to the system.

How severe is CVE-2019-0204?

CVE-2019-0204 is classified as critical with a severity score of 8.8 out of 10.

How do I check if my system is affected by CVE-2019-0204?

To check if your system is affected by CVE-2019-0204, verify if you have Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, or 1.7.0 to 1.7.1 installed.

How can I fix CVE-2019-0204?

To fix CVE-2019-0204, update your Apache Mesos to version 1.4.3, 1.5.3, 1.6.2, 1.7.2, or 1.8.0, depending on your currently installed version.

Where can I find more information about CVE-2019-0204?

For more information about CVE-2019-0204, you can refer to the following references: - [CVE-2019-0204 on the Apache Mesos mailing list](https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E) - [CVE-2019-0204 on Bugzilla Red Hat](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1692756) - [Red Hat Security Advisory RHSA-2019:3892](https://access.redhat.com/errata/RHSA-2019:3892)

Vulnerability/
CVE-2019-0204

critical

9.3

CWE

250

23/3/2019

1/1/2022

CVE-2019-0204

First published: Sat Mar 23 2019(Updated: )

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache Mesos	>=1.4.0<1.4.3
Apache Mesos	>=1.6.0<1.6.2
Apache Mesos	>=1.7.0<1.7.2
Apache Mesos	=1.8.0-dev
Redhat Fuse	=7.5.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2019:3892

Frequently Asked Questions

What is CVE-2019-0204?
CVE-2019-0204 is a vulnerability in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1 that allows a malicious actor to gain root access to the system.
How severe is CVE-2019-0204?
CVE-2019-0204 is classified as critical with a severity score of 8.8 out of 10.
How do I check if my system is affected by CVE-2019-0204?
To check if your system is affected by CVE-2019-0204, verify if you have Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, or 1.7.0 to 1.7.1 installed.
How can I fix CVE-2019-0204?
To fix CVE-2019-0204, update your Apache Mesos to version 1.4.3, 1.5.3, 1.6.2, 1.7.2, or 1.8.0, depending on your currently installed version.
Where can I find more information about CVE-2019-0204?
For more information about CVE-2019-0204, you can refer to the following references: - [CVE-2019-0204 on the Apache Mesos mailing list](https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E) - [CVE-2019-0204 on Bugzilla Red Hat](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1692756) - [Red Hat Security Advisory RHSA-2019:3892](https://access.redhat.com/errata/RHSA-2019:3892)

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-0204
agent/software-canonical-lookup
collector/redhat-cve
vendor/apache
canonical/apache mesos
version/apache mesos/1.4.0
version/apache mesos/1.5.0
version/apache mesos/1.6.0
version/apache mesos/1.7.0
version/apache mesos/1.8.0-dev
vendor/redhat
canonical/redhat fuse
version/redhat fuse/7.5.0
package-manager/redhat