We are planning to do a release next week with updated versions of software that don't contain the exploit. We are not doing a release this week because there are two lines of defense that block this exploit on Atomic Host:
1. /usr/ is mounted read-only
2. SELinux is enabled by default
SELinux blocks this exploit, and /usr/ being read-only prevents the runc binary from being overwritten. Even if you had disabled SELinux, /usr/ is still mounted read-only, so your Atomic Host systems should be safe.
Dusty
atomic@lists.stg.fedoraproject.org
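
A host-side check for the two defenses listed in the message, as an added example that is not part of the original post or of any Fedora tooling. The function names and the sample mount table are constructed; it assumes the standard Linux interfaces /proc/self/mountinfo and /sys/fs/selinux/enforce.

```sh
#!/bin/sh
# Added example: function names and sample data are constructed.

# Constructed mount table in /proc/self/mountinfo format (field 5 is the
# mount point, field 6 the per-mount options).
sample_mountinfo() {
cat <<'EOF'
21 1 253:0 / / rw,relatime shared:1 - xfs /dev/mapper/example-root rw,seclabel
22 21 253:0 /ostree/deploy/example/usr /usr ro,relatime shared:2 - xfs /dev/mapper/example-root rw,seclabel
23 21 0:20 / /sys rw,nosuid shared:3 - sysfs sysfs rw,seclabel
EOF
}

# usr_mount_state FILE: print ro/rw for the mount that covers /usr.
# The longest matching mount point wins; a later entry at the same
# path overrides an earlier one.
usr_mount_state() {
    awk -v t="/usr" '
    $5 == "/" || index(t "/", $5 "/") == 1 {
        if (length($5) >= best) {
            best = length($5)
            state = (("," $6 ",") ~ /,ro,/) ? "ro" : "rw"
        }
    }
    END { print (state == "" ? "unknown" : state) }' "$1"
}

# selinux_state FILE: FILE is the selinuxfs "enforce" node (1 or 0).
# A missing node means SELinux is not loaded on this host.
selinux_state() {
    [ -r "$1" ] || { echo disabled; return 0; }
    case "$(cat "$1")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# defense_layers MOUNTINFO ENFORCE: report both checks and how many hold.
defense_layers() {
    usr=$(usr_mount_state "$1"); se=$(selinux_state "$2"); n=0
    if [ "$usr" = ro ]; then n=$((n + 1)); fi
    if [ "$se" = enforcing ]; then n=$((n + 1)); fi
    echo "usr=$usr selinux=$se layers=$n"
}

# Run against the live host when the kernel interface is available.
if [ -r /proc/self/mountinfo ]; then
    defense_layers /proc/self/mountinfo /sys/fs/selinux/enforce
fi
```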