Sicherheit: Ausführen beliebiger Kommandos in docker
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in docker
ID: FEDORA-2019-df2e68aa6b
Distribution: Fedora
Plattformen: Fedora 29
Datum: Fr, 15. Februar 2019, 07:39
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
Applikationen: Docker


Fedora Update Notification
2019-02-15 02:38:13.055568

Name : docker
Product : Fedora 29
Version : 1.13.1
Release : 65.git1185cfd.fc29
URL : https://github.com/projectatomic/docker
Summary : Automates deployment of containerized applications
Description :
Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that will
run virtually anywhere.

Docker containers can encapsulate any payload, and will run consistently on
and between virtually any server. The same container that a developer builds
and tests on a laptop will run at scale, in production*, on VMs, bare-metal
servers, OpenStack clusters, public instances, or combinations of the above.

Update Information:

Security fix for CVE-2019-5736

* Tue Feb 12 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> -
- Resolves: #1664908, #1674491 - Security fix for CVE-2019-5736
- use setup instead of autosetup to add runc cve patch
* Sat Jan 19 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> -
- Resolves: #1666565, #1666566 - CVE-2018-20699
- Resolves: #1663068, #1667622 - umount all procfs and sysfs with --no-pivot
- built docker @projectatomic/docker-1.13.1 commit 1185cfd
- built docker-runc @projectatomic/docker-1.13.1 commit e4ffe43

[ 1 ] Bug #1664908 - CVE-2019-5736 runc: Execution of malicious containers
allows for container escape and access to host filesystem

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-df2e68aa6b' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten