Fedora 28 FEDORA-2019-723711c645 Critical Docker Memory Exhaustion Threat

Docker is an open-source engine that automates the deployment of any

application as a lightweight, portable, self-sufficient container that will

run virtually anywhere.

Docker containers can encapsulate any payload, and will run consistently on

and between virtually any server. The same container that a developer builds

and tests on a laptop will run at scale, in production*, on VMs, bare-metal

servers, OpenStack clusters, public instances, or combinations of the above.

- Resolves: #1666565, #1667625 - CVE-2018-20699 - Resolves: #1663068, #1667626 -umount all procfs and sysfs with --no-pivot - built docker

@projectatomic/docker-1.13.1 commit 1185cfd - built docker-runc

@projectatomic/docker-1.13.1 commit e4ffe43 ---- Resolves: #1598581, #1598582

- CVE-2018-10892

* Sat Jan 19 2019 Lokesh Mandvekar - 2:1.13.1-40.git1185cfd

- Resolves: #1666565, #1667625 - CVE-2018-20699

- Resolves: #1663068, #1667626 - umount all procfs and sysfs with --no-pivot

- built docker @projectatomic/docker-1.13.1 commit 1185cfd

- built docker-runc @projectatomic/docker-1.13.1 commit e4ffe43

* Thu Jul 12 2018 Fedora Release Engineering - 2:1.13.1-38.git9cb56fd

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Sun Jul 8 2018 Lokesh Mandvekar - 2:1.13.1-37.git9cb56fd

- Resolves: #1598581, #1598582 - CVE-2018-10892

- built docker @projectatomic/docker-1.13.1 commit 9cb56fd

- built docker-runc @projectatomic/docker-1.13.1 commit b425831

- built docker-containerd @projectatomic/docker-1.13.1 commit 42e825a

- built docker-init commit fec3683

- built libnetwork commit d00ceed

[ 1 ] Bug #1663068 - runc: not using pivot_root allows mounting of /proc

https://bugzilla.redhat.com/show_bug.cgi?id=1663068

[ 2 ] Bug #1666565 - CVE-2018-20699 docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus

https://bugzilla.redhat.com/show_bug.cgi?id=1666565

[ 3 ] Bug #1598581 - CVE-2018-10892 docker: container breakout without selinux in enforcing mode

https://bugzilla.redhat.com/show_bug.cgi?id=1598581

su -c 'dnf upgrade --advisory FEDORA-2019-723711c645' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org