Red Hat Security Advisory 2019-0487-01

Red Hat Security Advisory 2019-0487-01: Posted Mar 12, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-0487-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include a memory exhaustion vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2018-20699; SHA-256 | 59cd607108e71d543a7513616c46c93c9e6f8ba58f029ead8e5418be1ee38a30; Download | Favorite | View

Red Hat Security Advisory 2019-0487-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: docker security and bug fix update
Advisory ID:       RHSA-2019:0487-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0487
Issue date:        2019-03-12
CVE Names:         CVE-2018-20699 
=====================================================================

1. Summary:

An update for docker is now available for Red Hat Enterprise Linux 7
Extras.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - aarch64, ppc64le, s390x, x86_64

3. Description:

Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that runs
virtually anywhere.

Security Fix(es):

* docker: Memory exhaustion via large integer used with --cpuset-mems or
- --cpuset-cpus (CVE-2018-20699)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* docker runc 'panic: runtime error: invalid memory address or nil pointer
dereference' (BZ#1556901)

* temp files in /var/lib/docker persist (BZ#1645591)

* Docker needs to support PIDs Limit for all containers created.
(BZ#1660876)

* dockerd may leak memory resources if uncompressing a layer fails
(BZ#1661443)

* Docker may not properly close hijacked streams (BZ#1668042)

* Director deployed OCP 3.11 deployment fails with openshift-ansible
getting stuck when restarting docker service on master nodes (BZ#1671861)

* Docker service hang (BZ#1678096)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1645591 - temp files in /var/lib/docker persist
1660876 - Docker needs to support PIDs Limit for all containers created.
1661443 - dockerd may leak memory resources if uncompressing a layer fails
1666565 - CVE-2018-20699 docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
1668042 - Docker may not properly close hijacked streams
1671861 - Director deployed OCP 3.11 deployment fails with openshift-ansible getting stuck when restarting docker service on master nodes
1678096 - Docker service hang

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
docker-1.13.1-94.gitb2f74b2.el7.src.rpm

aarch64:
docker-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-client-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-common-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-logrotate-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.aarch64.rpm

ppc64le:
docker-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-client-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-common-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-logrotate-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm

s390x:
docker-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-client-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-common-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-logrotate-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.s390x.rpm

x86_64:
docker-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-client-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-common-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-logrotate-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-20699
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXIhihNzjgjWX9erEAQjUOQ/8CSokkuSTmr4Xcg+WLpJZccAk9iM6SyM+
rKKRJPL5QPPS15yyb8NtkftZmWH/8AJK8pKpXwEq8gIQHbCGKRw4/JdNUp69QHsS
bgCNhIoePPe6aotOBwo0WoajcBK+B23ho6Onbld3/fk1ybdMDfl/gn7UVqemmm/G
+EnhoFE3qPMXzmAmNpdBgL7kUp433126BkcBtFUibSILBcDYNLsn98fPo5MjOPzv
ClGpp2HKoSJgWKBtjJTAsefunxKZsQDWMVnQL6FnhtpIOmYxWdg+oV4caGmfGg4P
jTITUlANja3ealYvXZ2YgM92D9QEqgKQvOy2mmmxWFkGiFVhNF9ydJnrFC4Z8QFW
eTcq1JWCEjRPxQGtkIgh91LolYcYL609UhacRlLeSoHNWKVgYxvNpLfb871u2r5a
K80ecxUJBluPA33MFg7l+/3pQNnTKpJg8GXmeF9/hTt2x5VvtTvXE81VkPUSkSBA
XWGALnZMWp385rfNxzCYomZdIevKMufCsueMXTDXXijkDd3aHDR8ppv9mhAaiSTK
n3SNXNmXcoyaaLRM0/MKhX55IYOc/+VeyFMvVTkRUAGOAQq0qoSIAYlU1LtSK3do
XzY5saH8nBbpH+6zWOywhyI6kYv4lZ5qUlLSQyB42IB1Hn28B3eoDCsjs7Rwu+tq
kbUPXS5tDxU=
=B8uD
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Red Hat Security Advisory 2019-0487-01

Red Hat Security Advisory 2019-0487-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2019-0487-01

Share This

Red Hat Security Advisory 2019-0487-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems