Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Fedora 28: 2018-9695e9b0ed Critical: Docker Container Breakout

fedora
Calendar Grey July 12, 2018
Dist Fedora Esm H88
Important docker security patch for Fedora 28 addresses CVE-2018-10892 to mitigate container escape vulnerabilities. Ensure you update immediately!
Resolves: #1598581, #1598583 - CVE-2018-10892

Summary

Docker is an open-source engine that automates the deployment of any

application as a lightweight, portable, self-sufficient container that will

run virtually anywhere.

Docker containers can encapsulate any payload, and will run consistently on

and between virtually any server. The same container that a developer builds

and tests on a laptop will run at scale, in production*, on VMs, bare-metal

servers, OpenStack clusters, public instances, or combinations of the above.

Resolves: #1598581, #1598583 - CVE-2018-10892

* Sun Jul 8 2018 Lokesh Mandvekar - 2:1.13.1-60.git9cb56fd

- Resolves: #1598581, #1598583 - CVE-2018-10892

- built docker @projectatomic/docker-1.13.1 commit 9cb56fd

- built docker-novolume-plugin commit 385ec70

- built rhel-push-plugin commit af9107b

- built docker-lvm-plugin commit 20a1f68

- built docker-runc @projectatomic/docker-1.13.1 commit b425831

- built docker-containerd @projectatomic/docker-1.13.1 commit 42e825a

- built docker-init commit fec3683

- built libnetwork commit d00ceed

- update comments in /etc/sysconfig/docker RE: registries.conf

From: Tom Sweeney

* Tue Jun 12 2018 Lokesh Mandvekar - 2:1.13.1-59.gitaf6b32b

- built docker @projectatomic/docker-1.13.1 commit af6b32b

- built docker-novolume-plugin commit 385ec70

- built rhel-push-plugin commit af9107b

- built docker-lvm-plugin commit 6675634

- built docker-runc @projectatomic/docker-1.13.1 commit b425831

- built docker-containerd @projectatomic/docker-1.13.1 commit 375cb68

- built docker-init commit fec3683

- built libnetwork commit 19279f0

* Tue Jun 12 2018 Frantisek Kluknavsky - 2:1.13.1-58.git6c336e4

- built docker-runc @projectatomic/docker-1.13.1 commit 18eb957

* Wed Jun 6 2018 Frantisek Kluknavsky - 2:1.13.1-57.git6c336e4

- remove outdated comment about docker_transition_unconfined

* Thu May 24 2018 Frantisek Kluknavsky - 2:1.13.1-56.git6c336e4

- rebased container-storage-setup to 0.11.0 commit 65f91d4

* Wed May 23 2018 Colin Walters - 2:1.13.1-55.git6c336e4

- Drop oci-register-machine Recommends; this broke a downstream build because

oci-register-machine was missing systemd-nspawn as a dependency, but generally

it has not been worth maintaining.

See previous discussion: https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2016-May/msg00051.html

* Mon May 21 2018 Frantisek Kluknavsky - 2:1.13.1-54.git6c336e4

- Resolves: #1559274

- built docker @projectatomic/docker-1.13.1 commit 6c336e4

- built docker-novolume-plugin commit 385ec70

- built rhel-push-plugin commit af9107b

- built docker-lvm-plugin commit 04caa55

- built docker-runc @projectatomic/docker-1.13.1 commit 345dcfa

- built docker-containerd @projectatomic/docker-1.13.1 commit 375cb68

- built docker-init commit 5b117de

- built libnetwork commit c15b372

* Tue May 15 2018 Frantisek Kluknavsky - 2:1.13.1-53.git89b0e65

- do not compress debuginfo with dwz to support delve debugger

* Fri Apr 13 2018 Lokesh Mandvekar - 2:1.13.1-52.git89b0e65

- Resolves: #1558425

- built docker @projectatomic/docker-1.13.1 commit 89b0e65

- built docker-novolume-plugin commit 385ec70

- built rhel-push-plugin commit af9107b

- built docker-lvm-plugin commit 04caa55

- built docker-runc @projectatomic/docker-1.13.1 commit 345dcfa

- built docker-containerd @projectatomic/docker-1.13.1 commit 375cb68

- built docker-init commit 5b117de

- built libnetwork commit c15b372

[ 1 ] Bug #1598581 - CVE-2018-10892 docker: container breakout without selinux in enforcing mode

https://bugzilla.redhat.com/show_bug.cgi?id=1598581

su -c 'dnf upgrade --advisory FEDORA-2018-9695e9b0ed' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZROWSFFIHGDTF4YUUQMDDKXOWPTGADSF/

Topics%20covered

Topics Covered

security advisory software update Fedora docker container breakout

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 1.13.1
Release: 60.git9cb56fd.fc28
URL: https://github.com/projectatomic/docker
Summary: Automates deployment of containerized applications

Topics%20covered

Topics Covered

security advisory software update Fedora docker container breakout

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here