docker-1.13.1-102.git7f2769b.0.1.el7.AXS7
エラータID: AXSA:2019-3988:03
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
Security Fix(es):
* docker: symlink-exchange race attacks in docker cp (CVE-2018-15664)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* slowness of system shutdown when containers are being stopped - dockerd is unable to communicate with rhel-push-plugin (BZ#1714032)
* journald Log() in dockerd causes nil pointer dereference when PutMessage() is called before reading msg.Source (BZ#1720363)
* regression: docker cp: Rel: can't make /..../a relative to a (BZ#1723491)
* Regression: docker cp: can no longer pull image files (BZ#1727488)
CVE-2018-15664
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Update packages.
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
N/A
SRPMS
- docker-1.13.1-102.git7f2769b.0.1.el7.AXS7.src.rpm
MD5: e582a199594e1ca214f248c9cf1ad07a
SHA-256: bd1e23c5f5ef2435ba03ecb7d4b7b6d2e584196402e77d0b6552658307eab52b
Size: 13.94 MB
Asianux Server 7 for x86_64
- docker-1.13.1-102.git7f2769b.0.1.el7.AXS7.x86_64.rpm
MD5: a97ab5c1ae5641b6e017c918b74767dc
SHA-256: 3119add8ed20f76df079624f2ab49f37f143f038327ef24e754f5c4bfdc8170f
Size: 17.66 MB - docker-client-1.13.1-102.git7f2769b.0.1.el7.AXS7.x86_64.rpm
MD5: 1cf0b7d49e75ba796e8f3ff4376fe0fe
SHA-256: 4346a52167b2f7819f261b90d3eb4d52944930b1719d1c4cd9bf7400debe1ce3
Size: 3.89 MB - docker-common-1.13.1-102.git7f2769b.0.1.el7.AXS7.x86_64.rpm
MD5: c103a0c0350559cf2bc567685c919604
SHA-256: 275e222420accf6b2957e56c351b93625e8b49a54097528fc994523829fb9644
Size: 95.79 kB - docker-logrotate-1.13.1-102.git7f2769b.0.1.el7.AXS7.x86_64.rpm
MD5: ad68a37fc5450f4a4e977ba906df2b25
SHA-256: 893643bb36e5712a71ebfc7f28f1ebd26f8729369a249ce708fe111b758850cb
Size: 93.77 kB - docker-lvm-plugin-1.13.1-102.git7f2769b.0.1.el7.AXS7.x86_64.rpm
MD5: 719e40d89acfa0805ffb9834197768bb
SHA-256: bdbde20ec2fed8845f7773f66da9a4360b0f669ca38a6f132425fa76f1ca5b9c
Size: 1.87 MB - docker-novolume-plugin-1.13.1-102.git7f2769b.0.1.el7.AXS7.x86_64.rpm
MD5: 802d842005c6999a1b569d7e1cce0611
SHA-256: 10254191c6f9bf3ffff3613487fbc21a1c725d4fc422df57e6aefbb0c72abfd9
Size: 1.88 MB - docker-v1.10-migrator-1.13.1-102.git7f2769b.0.1.el7.AXS7.x86_64.rpm
MD5: fae5b71c542c20147cdf03167061c41d
SHA-256: 8dc84e5f5c44a0a41650d04105ef33219733cabbecdfbc4c4e405b4145a5065c
Size: 2.68 MB