=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: docker security and bug fix update
Advisory ID:       RHSA-2019:0487-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0487
Issue date:        2019-03-12
CVE Names:         CVE-2018-20699
=====================================================================

1. Summary:

An update for docker is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - aarch64, ppc64le, s390x, x86_64

3. Description:

Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that runs
virtually anywhere.

Security Fix(es):

* docker: Memory exhaustion via large integer used with --cpuset-mems or
--cpuset-cpus (CVE-2018-20699)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* docker runc 'panic: runtime error: invalid memory address or nil pointer
dereference' (BZ#1556901)

* temp files in /var/lib/docker persist (BZ#1645591)

* Docker needs to support PIDs Limit for all containers created.
(BZ#1660876)

* dockerd may leak memory resources if uncompressing a layer fails
(BZ#1661443)

* Docker may not properly close hijacked streams (BZ#1668042)

* Director deployed OCP 3.11 deployment fails with openshift-ansible getting
stuck when restarting docker service on master nodes (BZ#1671861)

* Docker service hang (BZ#1678096)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1645591 - temp files in /var/lib/docker persist
1660876 - Docker needs to support PIDs Limit for all containers created.
1661443 - dockerd may leak memory resources if uncompressing a layer fails
1666565 - CVE-2018-20699 docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
1668042 - Docker may not properly close hijacked streams
1671861 - Director deployed OCP 3.11 deployment fails with openshift-ansible getting stuck when restarting docker service on master nodes
1678096 - Docker service hang

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
docker-1.13.1-94.gitb2f74b2.el7.src.rpm

aarch64:
docker-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-client-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-common-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-logrotate-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.aarch64.rpm

ppc64le:
docker-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-client-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-common-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-logrotate-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm

s390x:
docker-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-client-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-common-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-logrotate-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.s390x.rpm

x86_64:
docker-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-client-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-common-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-logrotate-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-20699
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
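
Added example, not part of the Red Hat advisory and not Docker's own code: a bounded parser for the list syntax accepted by --cpuset-cpus and --cpuset-mems (for example "0-3,7"), showing the input check that prevents the kind of memory exhaustion named in CVE-2018-20699. It assumes the cost comes from expanding a range into one entry per value; ParseCPUSet, parseBounded and the cap maxCPUSetValue are hypothetical names.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const maxCPUSetValue = 8192 // hypothetical cap for this example, not a Docker constant

// parseBounded rejects signs, junk and any value above limit.
func parseBounded(s string, limit uint64) (int, error) {
	n, err := strconv.ParseUint(s, 10, 64)
	if err != nil || n > limit {
		return 0, fmt.Errorf("cpuset value %q is not an integer in 0..%d", s, limit)
	}
	return int(n), nil
}

// ParseCPUSet parses a list such as "0-3,7" into a set of IDs. Both ends of a
// range are checked before it is expanded, so the loop runs at most limit+1 times.
func ParseCPUSet(val string, limit uint64) (map[int]bool, error) {
	set := map[int]bool{}
	for _, part := range strings.Split(val, ",") {
		bounds := strings.SplitN(part, "-", 2)
		first, err := parseBounded(bounds[0], limit)
		if err != nil {
			return nil, err
		}
		last := first
		if len(bounds) == 2 {
			if last, err = parseBounded(bounds[1], limit); err != nil {
				return nil, err
			}
		}
		if last < first {
			return nil, fmt.Errorf("invalid range %q", part)
		}
		for i := first; i <= last; i++ {
			set[i] = true
		}
	}
	return set, nil
}

func main() {
	for _, in := range []string{"0-3,7", "0-4000000000", "5-2"} { // constructed inputs
		set, err := ParseCPUSet(in, maxCPUSetValue)
		fmt.Printf("%q ids=%d err=%v\n", in, len(set), err)
	}
}
```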