Red Hat Enterprise Linux: RHSA-2019-0487-01 Low: Docker Memory Issues

red hat

March 13, 2019

An update for docker is now available for Red Hat Enterprise Linux 7 Extras

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
Security Fix(es):
* docker: Memory exhaustion via large integer used with --cpuset-mems or - --cpuset-cpus (CVE-2018-20699)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* docker runc 'panic: runtime error: invalid memory address or nil pointer dereference' (BZ#1556901)
* temp files in /var/lib/docker persist (BZ#1645591)
* Docker needs to support PIDs Limit for all containers created. (BZ#1660876)
* dockerd may leak memory resources if uncompressing a layer fails (BZ#1661443)
* Docker may not properly close hijacked streams (BZ#1668042)
* Director deployed OCP 3.11 deployment fails with openshift-ansible getting stuck when restarting docker service on master nodes (BZ#1671861)
* Docker service hang (BZ#1678096)

Topics Covered

security advisory Red Hat bug fixes memory exhaustion low impact docker issue service hang

References

https://access.redhat.com/security/cve/CVE-2018-20699 https://access.redhat.com/security/updates/classification#low

Package List

Red Hat Enterprise Linux 7 Extras:
Source: docker-1.13.1-94.gitb2f74b2.el7.src.rpm
aarch64: docker-1.13.1-94.gitb2f74b2.el7.aarch64.rpm docker-client-1.13.1-94.gitb2f74b2.el7.aarch64.rpm docker-common-1.13.1-94.gitb2f74b2.el7.aarch64.rpm docker-debuginfo-1.13.1-94.gitb2f74b2.el7.aarch64.rpm docker-logrotate-1.13.1-94.gitb2f74b2.el7.aarch64.rpm docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
ppc64le: docker-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm docker-client-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm docker-common-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm docker-debuginfo-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm docker-logrotate-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
s390x: docker-1.13.1-94.gitb2f74b2.el7.s390x.rpm docker-client-1.13.1-94.gitb2f74b2.el7.s390x.rpm docker-common-1.13.1-94.gitb2f74b2.el7.s390x.rpm docker-debuginfo-1.13.1-94.gitb2f74b2.el7.s390x.rpm

Read the Full Advisory

Severity

low

Lowest

Low

Medium

High

Critical

Advisory ID: RHSA-2019:0487-01

Product: Red Hat Enterprise Linux Extras

Advisory URL: https://access.redhat.com/errata/RHSA-2019:0487

Issue date: 2019-03-12

Topic

An update for docker is now available for Red Hat Enterprise Linux 7Extras.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics Covered

security advisory Red Hat bug fixes memory exhaustion low impact docker issue service hang

Relevant Releases Architectures

Red Hat Enterprise Linux 7 Extras - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1645591 - temp files in /var/lib/docker persist

1660876 - Docker needs to support PIDs Limit for all containers created.

1661443 - dockerd may leak memory resources if uncompressing a layer fails

1666565 - CVE-2018-20699 docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus

1668042 - Docker may not properly close hijacked streams

1671861 - Director deployed OCP 3.11 deployment fails with openshift-ansible getting stuck when restarting docker service on master nodes

1678096 - Docker service hang

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat Enterprise Linux: RHSA-2019-0487-01 Low: Docker Memory Issues

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat Enterprise Linux: RHSA-2019-0487-01 Low: Docker Memory Issues

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!