Does Docker contain the Heartbleed exploit?

Let's assume I have a vulnerable OpenSSL server in a container. Does Docker prevent memory from the host being read?

My assumption is that it does, because the bug is in OpenSSL and not in the kernel, and Docker should isolate root access in the container. But Wikipedia only says “partial Root privilege isolation” and suggests it's dependent on the backend. So please specify if you answer using libcontainer or lxc or something else.

2 solutions collected from the web for “Does Docker contain the Heartbleed exploit?”

    If a vulnerable server runs in a container, only that container’s memory will be leaked.

    In fact, even without containers, only that server’s process memory will be leaked. For instance, if you have a vulnerable Apache+OpenSSL server and an SSH server running on the same machine, an attacker can get memory fragments from the Apache server, but will never be able to get access to anything from the SSH server. (Unless this Apache server is used to distribute SSH private keys or something like that, of course…)

    This related question suggests only the vulnerable application’s memory is affected. And unless one can fetch local login data or otherwise gain local root access, this question is pretty irrelevant.
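Why the leak stops at the process boundary, shown as an added example that is not part of the original answers and is not OpenSSL's code: a toy heartbeat echo that trusts the peer's `payload_length` copies from its own address space only, so the reply can contain neighbouring data of the same process and nothing else. The heap model, the secret value and all function names are constructed for illustration; the record layout and the discard rule follow RFC 6520.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of ONE server process's heap: the received heartbeat
 * record is stored at offset 0, unrelated data of the same process follows. */
#define HEAP_SIZE  128
#define SECRET_OFF 32
static const char SECRET[] = "SAME-PROCESS-KEY";   /* constructed value */
static unsigned char heap[HEAP_SIZE];
/* Record layout (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16) */
static void receive(const unsigned char *rec, size_t rec_len) {
    memset(heap, 0, sizeof heap);
    memcpy(heap + SECRET_OFF, SECRET, sizeof SECRET - 1);
    memcpy(heap, rec, rec_len);
}

/* Pre-fix logic: echoes payload_length bytes; the record length is never consulted. */
size_t echo_unchecked(unsigned char *out, size_t cap) {
    size_t claimed = ((size_t)heap[1] << 8) | heap[2];
    if (claimed > cap || 3 + claimed > HEAP_SIZE) return 0; /* stay inside the model */
    memcpy(out, heap + 3, claimed);
    return claimed;
}

/* Fixed logic: silently discard a record too short for its claimed payload. */
size_t echo_checked(size_t rec_len, unsigned char *out, size_t cap) {
    if (rec_len < 1 + 2 + 16) return 0;
    size_t claimed = ((size_t)heap[1] << 8) | heap[2];
    if (1 + 2 + claimed + 16 > rec_len || claimed > cap) return 0;
    memcpy(out, heap + 3, claimed);
    return claimed;
}

/* Feed a 3-byte record claiming 64 payload bytes; report whether the reply holds the secret. */
int reply_contains_secret(int checked) {
    static const unsigned char rec[] = { 0x01, 0x00, 0x40 };
    unsigned char out[HEAP_SIZE];
    receive(rec, sizeof rec);
    size_t n = checked ? echo_checked(sizeof rec, out, sizeof out)
                       : echo_unchecked(out, sizeof out);
    for (size_t i = 0; i + sizeof SECRET - 1 <= n; i++)
        if (memcmp(out + i, SECRET, sizeof SECRET - 1) == 0) return 1;
    return 0;
}

int main(void) {
    printf("unchecked leaks: %d, checked leaks: %d\n", reply_contains_secret(0), reply_contains_secret(1));
    return 0;
}
```

Whatever shares the vulnerable process's heap (TLS private keys, session data, request bodies) is what needs rotating after exposure; a container boundary changes neither that list nor the fix, which is patching OpenSSL inside the image.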
