Fedora 28: docker-latest Security Update
Summary
Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that will
run virtually anywhere.
Docker containers can encapsulate any payload, and will run consistently on
and between virtually any server. The same container that a developer builds
and tests on a laptop will run at scale, in production*, on VMs, bare-metal
servers, OpenStack clusters, public instances, or combinations of the above.
- Resolves: #1666565, #1667625 - CVE-2018-20699 - Resolves: #1663068, #1667626 -umount all procfs and sysfs with --no-pivot - built docker
@projectatomic/docker-1.13.1 commit 1185cfd - built docker-runc
@projectatomic/docker-1.13.1 commit e4ffe43 ---- Resolves: #1598581, #1598582
- CVE-2018-10892
* Sat Jan 19 2019 Lokesh Mandvekar
- Resolves: #1666565, #1667625 - CVE-2018-20699
- Resolves: #1663068, #1667626 - umount all procfs and sysfs with --no-pivot
- built docker @projectatomic/docker-1.13.1 commit 1185cfd
- built docker-runc @projectatomic/docker-1.13.1 commit e4ffe43
* Thu Jul 12 2018 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Jul 8 2018 Lokesh Mandvekar
- Resolves: #1598581, #1598582 - CVE-2018-10892
- built docker @projectatomic/docker-1.13.1 commit 9cb56fd
- built docker-runc @projectatomic/docker-1.13.1 commit b425831
- built docker-containerd @projectatomic/docker-1.13.1 commit 42e825a
- built docker-init commit fec3683
- built libnetwork commit d00ceed
[ 1 ] Bug #1663068 - runc: not using pivot_root allows mounting of /proc
https://bugzilla.redhat.com/show_bug.cgi?id=1663068
[ 2 ] Bug #1666565 - CVE-2018-20699 docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
https://bugzilla.redhat.com/show_bug.cgi?id=1666565
[ 3 ] Bug #1598581 - CVE-2018-10892 docker: container breakout without selinux in enforcing mode
https://bugzilla.redhat.com/show_bug.cgi?id=1598581
su -c 'dnf upgrade --advisory FEDORA-2019-723711c645' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
FEDORA-2019-723711c645 2019-01-31 02:11:11.622099 Product : Fedora 28 Version : 1.13.1 Release : 40.git1185cfd.fc28 URL : https://github.com/projectatomic/docker Summary : Automates deployment of containerized applications Description : Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container that a developer builds and tests on a laptop will run at scale, in production*, on VMs, bare-metal servers, OpenStack clusters, public instances, or combinations of the above. - Resolves: #1666565, #1667625 - CVE-2018-20699 - Resolves: #1663068, #1667626 -umount all procfs and sysfs with --no-pivot - built docker @projectatomic/docker-1.13.1 commit 1185cfd - built docker-runc @projectatomic/docker-1.13.1 commit e4ffe43 ---- Resolves: #1598581, #1598582 - CVE-2018-10892 * Sat Jan 19 2019 Lokesh Mandvekar - 2:1.13.1-40.git1185cfd - Resolves: #1666565, #1667625 - CVE-2018-20699 - Resolves: #1663068, #1667626 - umount all procfs and sysfs with --no-pivot - built docker @projectatomic/docker-1.13.1 commit 1185cfd - built docker-runc @projectatomic/docker-1.13.1 commit e4ffe43 * Thu Jul 12 2018 Fedora Release Engineering - 2:1.13.1-38.git9cb56fd - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Sun Jul 8 2018 Lokesh Mandvekar - 2:1.13.1-37.git9cb56fd - Resolves: #1598581, #1598582 - CVE-2018-10892 - built docker @projectatomic/docker-1.13.1 commit 9cb56fd - built docker-runc @projectatomic/docker-1.13.1 commit b425831 - built docker-containerd @projectatomic/docker-1.13.1 commit 42e825a - built docker-init commit fec3683 - built libnetwork commit d00ceed [ 1 ] Bug #1663068 - runc: not using pivot_root allows mounting of /proc https://bugzilla.redhat.com/show_bug.cgi?id=1663068 [ 2 ] Bug #1666565 - CVE-2018-20699 docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus https://bugzilla.redhat.com/show_bug.cgi?id=1666565 [ 3 ] Bug #1598581 - CVE-2018-10892 docker: container breakout without selinux in enforcing mode https://bugzilla.redhat.com/show_bug.cgi?id=1598581 su -c 'dnf upgrade --advisory FEDORA-2019-723711c645' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Change Log
References
Update Instructions
