Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:0065-1

Опубликовано: 10 янв. 2020
Источник: suse-cvrf

Описание

Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:

Security issue fixed:

  • CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308).

Bug fixes:

  • Update to Docker 19.03.5-ce (bsc#1158590).
  • Update to Docker 19.03.3-ce (bsc#1153367).
  • Update to Docker 19.03.2-ce (bsc#1150397).
  • Fixed default installation such that --userns-remap=default works properly (bsc#1143349).
  • Fixed nginx blocked by apparmor (bsc#1122469).

Список пакетов

Image SLES12-SP5-Azure-Basic-On-Demand
containerd-1.2.10-16.26.1
docker-19.03.5_ce-98.51.1
Image SLES12-SP5-Azure-Standard-On-Demand
containerd-1.2.10-16.26.1
docker-19.03.5_ce-98.51.1
Image SLES12-SP5-EC2-ECS-On-Demand
containerd-1.2.10-16.26.1
docker-19.03.5_ce-98.51.1
Image SLES12-SP5-EC2-On-Demand
containerd-1.2.10-16.26.1
docker-19.03.5_ce-98.51.1
Image SLES12-SP5-GCE-On-Demand
containerd-1.2.10-16.26.1
docker-19.03.5_ce-98.51.1
SUSE Linux Enterprise Module for Containers 12
containerd-1.2.10-16.26.1
docker-19.03.5_ce-98.51.1
docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-28.1
docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-1.35.1

Ссылки

Описание

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

Затронутые продукты
Image SLES12-SP5-Azure-Basic-On-Demand:containerd-1.2.10-16.26.1
Image SLES12-SP5-Azure-Basic-On-Demand:docker-19.03.5_ce-98.51.1
Image SLES12-SP5-Azure-Standard-On-Demand:containerd-1.2.10-16.26.1
Image SLES12-SP5-Azure-Standard-On-Demand:docker-19.03.5_ce-98.51.1
Ссылки