ELSA-2019-4680

Опубликовано: 13 июн. 2019

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2019-4680: docker-engine security update (MODERATE)

docker-engine [ 18.09.1-1.0.8]

cherry-picked fix for CVE-2018-15664 from upstream

[18.09.1-1.0.7]

added runc version requirement

[18.09.1-1.0.6]

disable kmem accounting for UEKR4

docker-cli [ 18.09.1-1.0.8]

rebuild

[18.09.1-1.0.7]

rebuild

[18.09.1-1.0.6]

disable kmem accounting for UEKR4

runc [1.0.0-19.rc5.git4bb1fe4.0.4.el7]

fixing version (Michael Calunod)
adding nokem to buildargs in spec file. (Michael Calunod)
cgroups: nokmem: error out on explicitly-set kmemcg limits (Aleksa Sarai)
libcontainer: ability to compile without kmem (Kir Kolyshkin)

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

docker-cli

18.09.1.ol-1.0.8.el7

docker-engine

18.09.1.ol-1.0.8.el7

runc

1.0.0-19.rc5.git4bb1fe4.0.4.el7

Oracle Linux x86_64

docker-cli

18.09.1.ol-1.0.8.el7

docker-engine

18.09.1.ol-1.0.8.el7

runc

1.0.0-19.rc5.git4bb1fe4.0.4.el7

Связанные CVE

CVE-2018-15664

Ссылки на источники

Связанные уязвимости

CVE-2018-15664

CVSS3: 7.5

ubuntu

больше 6 лет назад

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).