Monday, August 19, 2019

[USN-4103-1] docker-credential-helpers vulnerability

==========================================================================
Ubuntu Security Notice USN-4103-1
August 19, 2019

docker-credential-helpers vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04

Summary:

docker-credential-helpers could be made to crash or run programs as your login

Software Description:
- golang-github-docker-docker-credential-helpers: Use native stores to safeguard
Docker credentials

Details:

Jasiel Spelman discovered that a double free existed in
docker-credential-helpers. A local attacker could use this to cause a denial
of service (crash) or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
golang-docker-credential-helpers 0.6.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.
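
An added example, not part of the Ubuntu notice: a Python check that flags hosts in a package inventory whose version is older than the fixed version above. It re-implements Debian version ordering so it runs where dpkg is not installed. The inventory format, hostnames and non-fixed versions are constructed, and every host is assumed to run Ubuntu 19.04.

```python
import re

FIXED = "0.6.1-1ubuntu0.1"  # fixed version for Ubuntu 19.04, from the notice
PACKAGE = "golang-docker-credential-helpers"

def _order(s, i):
    """Weight of s[i] in a non-digit run; a digit or end-of-string weighs 0."""
    if i >= len(s) or s[i] in "0123456789":
        return 0
    if s[i] == "~":
        return -1  # tilde sorts before everything, even end-of-string
    return ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256  # letters first

def _cmp_part(a, b):
    """Compare one component (upstream version or revision) the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        while _order(a, i) or _order(b, j):  # a side is inside a non-digit run
            d = _order(a, i) - _order(b, j)
            if d:
                return d
            i, j = i + 1, j + 1
        na, nb = (re.match(r"[0-9]*", s).group() for s in (a[i:], b[j:]))
        if int(na or 0) != int(nb or 0):  # digit runs compare numerically
            return int(na or 0) - int(nb or 0)
        i, j = i + len(na), j + len(nb)
    return 0

def deb_compare(v1, v2):
    """Return <0, 0 or >0 as v1 is older than, equal to or newer than v2."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def hosts_needing_update(inventory):
    """inventory: lines of 'host package version'; returns hosts older than FIXED."""
    rows = (line.split() for line in inventory.splitlines())
    return [r[0] for r in rows if len(r) == 3 and r[1] == PACKAGE and deb_compare(r[2], FIXED) < 0]

# Constructed sample inventory: hostnames and the non-fixed versions are made up.
SAMPLE = """\
build-01 golang-docker-credential-helpers 0.6.1-1
build-02 golang-docker-credential-helpers 0.6.1-1ubuntu0.1
build-03 golang-docker-credential-helpers 0.6.1-1ubuntu0.1~rc1
build-04 golang-docker-credential-helpers 0.6.3-1
"""
```
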

References:
https://usn.ubuntu.com/4103-1
CVE-2019-1020014

Package Information:

https://launchpad.net/ubuntu/+source/golang-github-docker-docker-credential-helpers/0.6.1-1ubuntu0.1
