Tuesday, February 12, 2019

Time to PATCH (again) - Attackers can escape Linux CONTAINERS and obtain unauthorized, root-level access to the host operating system.



  • Docker users should check the Docker release notes for version 18.09.2.
  • Kubernetes users should consult the Kubernetes blog article entitled Runc and CVE-2019-5736.
  • Any containerization product that uses runc is probably vulnerable – if you have a version numbered runc 1.0-rc6 or earlier, you need to take action.



  • Patch runc if you’re using it yourself.
  • Stop guest containers running as root if you can.
  • Ask your provider if they’re using runc on your behalf. 



CVE-2019-5736 - This bug means that a program run with root privileges inside a guest container can make changes with root privilege outside that container.

https://nakedsecurity.sophos.com/2019/02/12/linux-container-bug-could-eat-your-server-from-the-inside-patch-now/
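
The version rule above (runc 1.0-rc6 or earlier needs action) as a shell check. This is an added example, not part of the original post or the runc project; the function names and the sample `runc --version` output are constructed for illustration. It compares only the reported version string, so a vendor build that backported the fix without changing its version is still flagged and should be confirmed against the vendor's advisory.

```shell
#!/bin/sh
# Added example: applies the advisory's rule "runc 1.0-rc6 or earlier needs action".
# Function names are invented for this sketch; they are not part of runc or Docker.

# Print the version found in `runc --version` output read on stdin.
runc_version_from_output() {
    sed -n 's/^runc version //p' | head -n 1
}

# Exit 0: 1.0-rc6 or earlier (act). Exit 1: later. Exit 2: unparseable.
runc_needs_patch() {
    v=${1#v}; v=${v%%+*}                # drop a leading "v" and "+dev"-style metadata
    has_rc=0; rc=; core=$v
    case $v in
        *-rc*) has_rc=1; rc=${v##*-rc}; core=${v%%-rc*} ;;
    esac
    case $core in [0-9]*) ;; *) return 2 ;; esac
    case $core in *[!0-9.]*) return 2 ;; esac
    case $rc in *[!0-9]*) return 2 ;; esac
    [ "$has_rc" -eq 0 ] || [ -n "$rc" ] || return 2

    old_ifs=$IFS; IFS=.; set -- $core; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    [ "$major" -lt 1 ] && return 0      # 0.x predates 1.0-rc6
    [ "$major" -gt 1 ] && return 1
    [ "$minor" -gt 0 ] && return 1
    [ "$patch" -gt 0 ] && return 1
    [ "$has_rc" -eq 0 ] && return 1     # 1.0.0 final is later than any rc
    [ "$rc" -le 6 ] && return 0         # numeric compare, so rc10 is later than rc6
    return 1
}

# Constructed sample of `runc --version` output (not captured from a real host).
sample_output='runc version 1.0.0-rc6
commit: 0000000 (placeholder)
spec: 1.0.1-dev'

for candidate in "$(printf '%s\n' "$sample_output" | runc_version_from_output)" \
                 1.0.0-rc10 1.0.0 0.1.1; do
    result=0; runc_needs_patch "$candidate" || result=$?
    case $result in
        0) echo "$candidate: 1.0-rc6 or earlier, take action" ;;
        1) echo "$candidate: later than 1.0-rc6" ;;
        *) echo "$candidate: could not parse version" ;;
    esac
done
```

On a host, pipe the real output in with `runc --version | runc_version_from_output` and pass the result to `runc_needs_patch`.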
