Monday, August 19, 2019

[USN-4103-2] Docker vulnerability

==========================================================================
Ubuntu Security Notice USN-4103-2
August 19, 2019

Docker vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Docker could be made to crash or run programs as your login.

Software Description:
- docker.io: Linux container runtime

Details:

Jasiel Spelman discovered that a double free existed in the
docker-credential-helpers dependency of Docker. A local attacker could use this
to cause a denial of service (crash) or possibly execute arbitrary code.

Original advisory details:

Jasiel Spelman discovered that a double free existed in
docker-credential-helpers. A local attacker could use this to cause a denial of
service (crash) or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
docker.io 18.09.7-0ubuntu1~19.04.5

Ubuntu 18.04 LTS:
docker.io 18.09.7-0ubuntu1~18.04.4

Ubuntu 16.04 LTS:
docker.io 18.09.7-0ubuntu1~16.04.5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4103-2
https://usn.ubuntu.com/4103-1
CVE-2019-1020014

Package Information:
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~19.04.5
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.04.4
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.5
