Описание
Security update for docker
This update for docker fixes the following issues:
Security issue fixed:
- CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
docker-18.09.6_ce-lp151.2.6.1
docker-bash-completion-18.09.6_ce-lp151.2.6.1
docker-test-18.09.6_ce-lp151.2.6.1
docker-zsh-completion-18.09.6_ce-lp151.2.6.1
openSUSE Leap 15.1
docker-18.09.6_ce-lp151.2.6.1
docker-bash-completion-18.09.6_ce-lp151.2.6.1
docker-test-18.09.6_ce-lp151.2.6.1
docker-zsh-completion-18.09.6_ce-lp151.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1621-1
- SUSE Security Ratings
- SUSE Bug 1096726
- SUSE CVE CVE-2018-15664 page
Описание
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Затронутые продукты
openSUSE Leap 15.0:docker-18.09.6_ce-lp151.2.6.1
openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp151.2.6.1
openSUSE Leap 15.0:docker-test-18.09.6_ce-lp151.2.6.1
openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp151.2.6.1
Ссылки
- CVE-2018-15664
- SUSE Bug 1096726
- SUSE Bug 1139649