CVE-2019-5736: runc container breakout

Anybody running containerized workloads with runc (used by Docker,cri-o, containerd, and Kubernetes, among others) will want to make note ofa newly disclosed vulnerability known as CVE-2019-5736. "The vulnerability allows a malicious container to (with minimal userinteraction) overwrite the host runc binary and thus gain root-levelcode execution on the host." LXC is also evidently vulnerable to avariant of the exploit.