Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Docker
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Docker
ID: USN-4048-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, Ubuntu 19.04
Datum: Mo, 8. Juli 2019, 19:45
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
Applikationen: Docker

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7102237641475253251==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="xqDbnJphh2u4O9Hlmp7QIiwujPOLw8dRA"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--xqDbnJphh2u4O9Hlmp7QIiwujPOLw8dRA
Content-Type: multipart/mixed;
boundary="JU4aMuNXcXzGVA2MKmYwDSdmunuNhnR5x";
protected-headers="v1"
From: Mike Salvatore <mike.salvatore@canonical.com>
Reply-To: security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <26c5a89a-fcd3-d8a1-02f8-0d7acb3f1601@canonical.com>
Subject: [USN-4048-1] Docker vulnerabilities
References: <20190708144231.55D8126C28EB@lillypilly.canonical.com>
In-Reply-To: <20190708144231.55D8126C28EB@lillypilly.canonical.com>

--JU4aMuNXcXzGVA2MKmYwDSdmunuNhnR5x
Content-Type: text/plain; charset=utf-8
Content-Language: en-U
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4048-1
July 08, 2019

Docker vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Docker could be made to overwrite files as the administrator.

Software Description:
- docker.io: Linux container runtime

Details:

Aleksa Sarai discovered that Docker was vulnerable to a directory traversal
attack. An attacker could use this vulnerability to read and write arbitrary
files on the host filesystem as root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
docker.io 18.09.7-0ubuntu1~19.04.4

Ubuntu 18.10:
docker.io 18.09.7-0ubuntu1~18.10.3

Ubuntu 18.04 LTS:
docker.io 18.09.7-0ubuntu1~18.04.3

Ubuntu 16.04 LTS:
docker.io 18.09.7-0ubuntu1~16.04.4

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/4048-1
CVE-2018-15664, CVE-2019-5736

Package Information:
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~19.04.4
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.10.3
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.04.3
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.4


--JU4aMuNXcXzGVA2MKmYwDSdmunuNhnR5x--

--xqDbnJphh2u4O9Hlmp7QIiwujPOLw8dRA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl0jbhAACgkQdyg1Qz0o
XX2u7A/+J2djstlGcpM+2q6KZxzRRApwTM69q+wh2p6VCFrhLRB3aqGwiBOtcJrh
EQCVXw6rdqeoadNoLh4T1+Y7m1FSW/Pb0OPs73O39/KV5vXWoyYNJfjioileODIw
egkGXs9yaXRQy0EIbPoIDJjV/6qGPNWUBqO3GqR5axZoIW2nbnBdPAU5bo/uR4yI
kcrFhFruJxxxQzUKMHYsv8/q+C/UOF6kKsIUPJIDaG/2hXkyz6C6LsgQAwRe46hX
de1/hZJphtfHo0gLMGZ+uzwnMgVDN1uQDgqMVnOV8B7nuvrAym+NtqyhwQN8sC5Q
Vo+PapMpewRYhfTy+N/7ePCUFzvp5Bgq50eC/aF20TPFDk96xMdfJc7hAJvCm7PQ
NssYUIbTNC/K1xjVvtoA86eFCOaFmS2qC3vXzdkQJmtLazd8fRytwskWpL5QjD4H
RJpIWLpIp38VjEYLd5gTmNvfH/9zq7KlK2zPKcR8ZSc33/JK/SecT6UEOL3BF7AL
EmC7jhjFTwug2ol9/mfP1YbEESMMx9qp2DO5P8SRWM75MYZ2EHtAds3v+FqybUwX
EBmYi4OqSkixLKSrCoDSF+suHD/ktjBKA+qL3fb+S9qiqWDZrOFwE9UzbLONL8UL
DZJg6i7zDinO0ylqrRSuYrWbk9v3IaaSCXyiiKt1t1MepdCDyiQ=
=zerJ
-----END PGP SIGNATURE-----

--xqDbnJphh2u4O9Hlmp7QIiwujPOLw8dRA--


--===============7102237641475253251==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============7102237641475253251==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung