Does Docker contain the Heardbleed exploit?

Lets assume, I have an vulnerable OpenSSL server in a Container. Does Docker prevent memory from the host being read?

My assuption is, it does. Because the bug is in OpenSSL and not in the Kernel and Docker should isolate root access in the container. But the Wikipedia only says “partial Root privilege isolation” and suggests its dependent on the backend. So please specify if you answer using libcontainer or lxc or something else.

  • docker-compose persistent data on host and container
  • How do I get host networking to work with docker swarm mode
  • auto deploy to docker from nexus repo when maven project version changed
  • How to name Dockerfiles
  • How to mount volume mounted in a docker image into another docker image?
  • Docker DNS Server not contactable outsid container
  • Developer environment - how to call/consume other micro services
  • Connect to docker containers with just service name and task slot?
  • building in docker using buildpack-deps, but dependencies don't seem to be installed?
  • SSL: how to get access to HTTPS in docker container
  • docker lvm thin pool cleanup
  • Purge process_execution, instance and instance_label_map data?
  • 2 Solutions collect form web for “Does Docker contain the Heardbleed exploit?”

    If a vulnerable server runs in a container, only that container’s memory will be leaked.

    In fact, even without containers, only that server’s process memory will be leaked. For instance, if you have a vulnerable Apache+OpenSSL server and an SSH server running on the same machine, an attacker can get memory fragments from the Apache server, but will never be able to get access to anything from the SSH server. (Unless this Apache server is used to distribute SSH private keys or something like that, of course…)

    This related question suggests only the vulnerable application’s memory is affected. And unless one can fetch local login data or otherwise gain local root access, this question is pretty irrelevant.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.