CVE-2019-5736: runc container breakout

Anybody running containerized workloads with runc (used by Docker,
cri-o, containerd, and Kubernetes, among others) will want to make note of
a newly disclosed vulnerability known as CVE-2019-5736. 'The vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host.' LXC is also evidently vulnerable to a
variant of the exploit.