MGASA-2019-0180 - Updated docker packages fix security vulnerability

Publication date: 19 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0180.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-16873,
     CVE-2018-16874,
     CVE-2018-16875

Security issues fixed for containerd, docker, docker-runc and
golang-github-docker-libnetwork:

CVE-2018-16873: cmd/go: remote command execution during "go get -u"
(bsc#1118897)
CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces
in import paths (bsc#1118898)
CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)

Non-security issues fixed for docker:

Disable leap based builds for kubic flavor (bsc#1121412)
Allow users to explicitly specify the NIS domainname of a container
(bsc#1001161)
Update docker.service to match upstream and avoid rlimit problems
(bsc#1112980)
Allow docker images larger then 23GB (bsc#1118990)
Docker version update to version 18.09.0-ce (bsc#1115464)

References:
- https://bugs.mageia.org/show_bug.cgi?id=24374
- - https://github.com/docker/docker-ce/blob/v18.09.3/CHANGELOG.md
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16873
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16874
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875

SRPMS:
- 6/core/docker-18.06.3-1.2.mga6

Mageia 2019-0180: docker security update

Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" (bsc#1118897)

Summary

Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:
CVE-2018-16873: cmd/go: remote command execution during "go get -u" (bsc#1118897) CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths (bsc#1118898) CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)
Non-security issues fixed for docker:
Disable leap based builds for kubic flavor (bsc#1121412) Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) Allow docker images larger then 23GB (bsc#1118990) Docker version update to version 18.09.0-ce (bsc#1115464)

References

- https://bugs.mageia.org/show_bug.cgi?id=24374

- - https://github.com/docker/docker-ce/blob/v18.09.3/CHANGELOG.md

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16873

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16874

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875

Resolution

MGASA-2019-0180 - Updated docker packages fix security vulnerability

SRPMS

- 6/core/docker-18.06.3-1.2.mga6

Severity
Publication date: 19 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0180.html
Type: security
CVE: CVE-2018-16873, CVE-2018-16874, CVE-2018-16875

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved