This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7102237641475253251==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="xqDbnJphh2u4O9Hlmp7QIiwujPOLw8dRA"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--xqDbnJphh2u4O9Hlmp7QIiwujPOLw8dRA
Content-Type: multipart/mixed; boundary="JU4aMuNXcXzGVA2MKmYwDSdmunuNhnR5x";
protected-headers="v1"
From: Mike Salvatore
Reply-To: security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <26c5a89a-fcd3-d8a1-02f8-0d7acb3f1601@canonical.com>
Subject: [USN-4048-1] Docker vulnerabilities
References: <20190708144231.55D8126C28EB@lillypilly.canonical.com>
In-Reply-To: <20190708144231.55D8126C28EB@lillypilly.canonical.com>
--JU4aMuNXcXzGVA2MKmYwDSdmunuNhnR5x
Content-Type: text/plain; charset=utf-8
Content-Language: en-U
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-4048-1
July 08, 2019
Docker vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Docker could be made to overwrite files as the administrator.
Software Description:
- docker.io: Linux container runtime
Details:
Aleksa Sarai discovered that Docker was vulnerable to a directory traversal
attack. An attacker could use this vulnerability to read and write arbitrary
files on the host filesystem as root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
docker.io 18.09.7-0ubuntu1~19.04.4
Ubuntu 18.10:
docker.io 18.09.7-0ubuntu1~18.10.3
Ubuntu 18.04 LTS:
docker.io 18.09.7-0ubuntu1~18.04.3
Ubuntu 16.04 LTS:
docker.io 18.09.7-0ubuntu1~16.04.4
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/4048-1
CVE-2018-15664, CVE-2019-5736
Package Information:
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~19.04.4
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.10.3
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.04.3
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.4
--JU4aMuNXcXzGVA2MKmYwDSdmunuNhnR5x--
--xqDbnJphh2u4O9Hlmp7QIiwujPOLw8dRA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl0jbhAACgkQdyg1Qz0o
XX2u7A/+J2djstlGcpM+2q6KZxzRRApwTM69q+wh2p6VCFrhLRB3aqGwiBOtcJrh
EQCVXw6rdqeoadNoLh4T1+Y7m1FSW/Pb0OPs73O39/KV5vXWoyYNJfjioileODIw
egkGXs9yaXRQy0EIbPoIDJjV/6qGPNWUBqO3GqR5axZoIW2nbnBdPAU5bo/uR4yI
kcrFhFruJxxxQzUKMHYsv8/q+C/UOF6kKsIUPJIDaG/2hXkyz6C6LsgQAwRe46hX
de1/hZJphtfHo0gLMGZ+uzwnMgVDN1uQDgqMVnOV8B7nuvrAym+NtqyhwQN8sC5Q
Vo+PapMpewRYhfTy+N/7ePCUFzvp5Bgq50eC/aF20TPFDk96xMdfJc7hAJvCm7PQ
NssYUIbTNC/K1xjVvtoA86eFCOaFmS2qC3vXzdkQJmtLazd8fRytwskWpL5QjD4H
RJpIWLpIp38VjEYLd5gTmNvfH/9zq7KlK2zPKcR8ZSc33/JK/SecT6UEOL3BF7AL
EmC7jhjFTwug2ol9/mfP1YbEESMMx9qp2DO5P8SRWM75MYZ2EHtAds3v+FqybUwX
EBmYi4OqSkixLKSrCoDSF+suHD/ktjBKA+qL3fb+S9qiqWDZrOFwE9UzbLONL8UL
DZJg6i7zDinO0ylqrRSuYrWbk9v3IaaSCXyiiKt1t1MepdCDyiQ=
=zerJ
-----END PGP SIGNATURE-----
--xqDbnJphh2u4O9Hlmp7QIiwujPOLw8dRA--
--===============7102237641475253251==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK
--===============7102237641475253251==--
|