Docker Libcontainer vulnerabilities
3 known vulnerabilities affecting docker/libcontainer.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2025-27612 | MEDIUM | ≥ 0, < 0.5.3 | 2025-03-21
CVE-2025-27612 [MEDIUM] CWE-276
Libcontainer is affected by capabilities elevation similar to GHSA-f3fp-gc8g-vw66
### Impact
In libcontainer, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. Code can be seen [here](https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant
ghsa, osv
CVE-2015-3629 | HIGH | CVSS 7.8 | v1.6.0 | 2015-05-18
CVE-2015-3629 [HIGH] CWE-59
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary files on the host system via a symlink attack in an image when respawning a container.
nvd
CVE-2015-3627 | HIGH | CVSS 7.2 | ≤ 1.6.0 | 2015-05-18
CVE-2015-3627 [HIGH] CWE-59
Libcontainer and Docker Engine before 1.6.1 open the file descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
nvd