Mageia 2019-0180: docker security update

    Date: 19 May 2019
    Category: Mageia
    Posted By: LinuxSecurity Advisories
    Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" (bsc#1118897)
    MGASA-2019-0180 - Updated docker packages fix security vulnerability
    
    Publication date: 19 May 2019
    URL: https://advisories.mageia.org/MGASA-2019-0180.html
    Type: security
    Affected Mageia releases: 6
    CVE: CVE-2018-16873,
         CVE-2018-16874,
         CVE-2018-16875
    
    Security issues fixed for containerd, docker, docker-runc and
    golang-github-docker-libnetwork:
    
    CVE-2018-16873: cmd/go: remote command execution during "go get -u"
    (bsc#1118897)
    CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces
    in import paths (bsc#1118898)
    CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)
    
    Non-security issues fixed for docker:
    
    Disable leap based builds for kubic flavor (bsc#1121412)
    Allow users to explicitly specify the NIS domainname of a container
    (bsc#1001161)
    Update docker.service to match upstream and avoid rlimit problems
    (bsc#1112980)
    Allow docker images larger than 23GB (bsc#1118990)
    Docker version update to version 18.09.0-ce (bsc#1115464)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=24374
    - https://lists.opensuse.org/opensuse-updates/2019-02/msg00078.html
    - https://github.com/docker/docker-ce/blob/v18.09.3/CHANGELOG.md
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16873
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16874
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875
    
    SRPMS:
    - 6/core/docker-18.06.3-1.2.mga6
    
