Описание
Security update for docker
This update for docker fixes the following issues:
Security issue fixed:
- CVE-2018-15664: Fixed an issue which made docker cp vulnerable to symlink-exchange race attacks (bsc#1096726).
Список пакетов
Image SLES12-SP5-Azure-Basic-On-Demand
docker-18.09.6_ce-98.40.1
Image SLES12-SP5-Azure-Standard-On-Demand
docker-18.09.6_ce-98.40.1
Image SLES12-SP5-EC2-ECS-On-Demand
docker-18.09.6_ce-98.40.1
Image SLES12-SP5-EC2-On-Demand
docker-18.09.6_ce-98.40.1
Image SLES12-SP5-GCE-On-Demand
docker-18.09.6_ce-98.40.1
SUSE Linux Enterprise Module for Containers 12
docker-18.09.6_ce-98.40.1
Ссылки
- Link for SUSE-SU-2019:1514-1
- E-Mail link for SUSE-SU-2019:1514-1
- SUSE Security Ratings
- SUSE Bug 1096726
- SUSE CVE CVE-2018-15664 page
Описание
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Затронутые продукты
Image SLES12-SP5-Azure-Basic-On-Demand:docker-18.09.6_ce-98.40.1
Image SLES12-SP5-Azure-Standard-On-Demand:docker-18.09.6_ce-98.40.1
Image SLES12-SP5-EC2-ECS-On-Demand:docker-18.09.6_ce-98.40.1
Image SLES12-SP5-EC2-On-Demand:docker-18.09.6_ce-98.40.1
Ссылки
- CVE-2018-15664
- SUSE Bug 1096726
- SUSE Bug 1139649