Publication Date: February 14, 2019
Update Date: February 14, 2019
Philips is currently monitoring updates related to the recent advisory by National Institute of Standards and Technology (NIST) regarding a flaw in runc, Docker and Kubernetes’ container runtime. (See Advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-5736.) RunC is the underlying container runtime for Docker, Kubernetes, and other container-dependent programs. It is an open-source command-line tool for spawning and running containers.
As part of Philips’ product security policy and protocols, Health Suite Digital Platform (HSDP) is aware of the recently disclosed security issue that affects several open-source container management systems (CVE-2019-5736). HSDP Operations reviewed the security bulletin and determined that the Cloud Foundry and container-host service environments are not vulnerable due to user namespaces being strictly enforced. No action is required by clients to address this security issue. At this time, Philips has not received reports of these vulnerabilities affecting clinical use of company products.
Philips advises customers with product concerns relating to these vulnerabilities should send an email to firstname.lastname@example.org. Further information regarding Philips’ recommendations regarding this event may be found at the Philips product security web site: https://www.philips.com/productsecurity
Customers with questions regarding their specific products are advised to contact their local Philips service support team or their regional service support. Philips contact information is available at the following web page: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions