Does Docker contain the Heardbleed exploit?

Lets assume, I have an vulnerable OpenSSL server in a Container. Does Docker prevent memory from the host being read?

My assuption is, it does. Because the bug is in OpenSSL and not in the Kernel and Docker should isolate root access in the container. But the Wikipedia only says “partial Root privilege isolation” and suggests its dependent on the backend. So please specify if you answer using libcontainer or lxc or something else.

  • How docker container has extra memory than the host OS?
  • Bash brace expansion not working on Dockerfile RUN command
  • Not able to copy file from docker container to host
  • Where is information from dockerfile located?
  • How do I disable Transparent Hugepages for Docker for Mac/Windows (Native)
  • Kafka producer throws 'TimeoutException: Batch Expired' exception
  • Running multiple docker instances in EC2
  • Writing Elasticsearch logs from Docker to an external volume
  • Making a variable available between containers?
  • How to get /etc/profile to run automatically in Alpine / Docker
  • run /usr/sbin/sshd in a Dockerfile does not work
  • NGINX basic authentication based on environment variable
  • 2 Solutions collect form web for “Does Docker contain the Heardbleed exploit?”

    If a vulnerable server runs in a container, only that container’s memory will be leaked.

    In fact, even without containers, only that server’s process memory will be leaked. For instance, if you have a vulnerable Apache+OpenSSL server and an SSH server running on the same machine, an attacker can get memory fragments from the Apache server, but will never be able to get access to anything from the SSH server. (Unless this Apache server is used to distribute SSH private keys or something like that, of course…)

    This related question suggests only the vulnerable application’s memory is affected. And unless one can fetch local login data or otherwise gain local root access, this question is pretty irrelevant.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.