Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2018:2482 - Security Advisory
Issued:
2018-08-16
Updated:
2018-08-16

RHSA-2018:2482 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: docker security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for docker is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.

Security Fix(es):

  • docker: container breakout without selinux in enforcing mode (CVE-2018-10892)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Antonio Murdaca (Red Hat).

Bug Fix(es):

  • Previously, the `dontaudit` and `allow` SELinux rules were missing, so the kernel raised a SELinux AVC message. Consequently, some commands did not work as expected. This update adds the missing rules, and the commands now run successfully. (BZ#1550967)
  • Previously, during a restart the container daemon did not restore the state of a container correctly if an exec'ed process was associated with the container. Consequently, the container daemon aborted with 'panic: close of nil channel' when the daemon was handling the termination of the exec'ed process. This bug has been fixed, and the container daemon no longer panics in the aforementioned scenario. (BZ#1554121)
  • Previously, bind mounts were resolved before using them inside a container. Consequently, symlinks could not be mounted inside of the container. With this update, the source of a bind mount is not resolved. As a result, it is possible to bind mount symlinks again into a container. (BZ#1603201)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1550967 - Running systemd in container causes AVC denials about mounton /proc and write core_pattern
  • BZ - 1598581 - CVE-2018-10892 docker: container breakout without selinux in enforcing mode
  • BZ - 1603201 - [Regression] docker can't bindmount symbolic links to namespaces (/proc/PID/ns/*)

CVEs

  • CVE-2018-10892

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
docker-1.13.1-74.git6e3bb8e.el7.src.rpm SHA-256: ee6ab4a53a5d22190f202dd5099483e08fae6585a223da4c2f096c523c5be5a5
x86_64
docker-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: d683087fac76480e89c4c826f082e4c0179f85d3d2ee67330d4f0b99ed9f7adb
docker-client-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: c4df0c677d86d039b45945d5a7d8c0a023659a52a46a2eb6bed3ef2e1dd17e4c
docker-common-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: c33fbceec434aa97238f7411e431b78dadd820047a901701cd4875af40428ebe
docker-debuginfo-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: 3e0852c37adec5f2602d2686354a2d4cc9601b0a976a7905bd14034d66627006
docker-logrotate-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: 077e4f9dc3a21730c2d88a6d8b4b3ecd950eb6c12a211074f48e65308550589c
docker-lvm-plugin-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: 87b30fa5517a6243c7bde83183632a2a9f7ca39df0f9d3e7c88d9007c3df24f4
docker-novolume-plugin-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: f8a87e7f18688e9843bcbf2a2f5038ce749f7249446eb88af148b2f1990a4289
docker-rhel-push-plugin-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: d452b1766495bbe76ff51c5b5205526f925659e0e7242ecc6a2fe5329ecbc871
docker-v1.10-migrator-1.13.1-74.git6e3bb8e.el7.x86_64.rpm SHA-256: ac29ceb0e540698d5c46331c8788c0dfd018f750e9ae98ccffe4a01a5937c35f

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
docker-1.13.1-74.git6e3bb8e.el7.src.rpm SHA-256: ee6ab4a53a5d22190f202dd5099483e08fae6585a223da4c2f096c523c5be5a5
s390x
docker-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: d597c515c02f935c879f65368c2891ad08df6aee8fdeaf04c40c26d319893af1
docker-client-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 5494b96a327a41028b5e2ceb56c5ba9379e9facbfb9786fd7d3d82f9a0c2744c
docker-common-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 94b09c690eb6f3539a644f8c8ca5fe8b43ebba4787675fe33bed7518d46e7448
docker-debuginfo-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: a77db7085f20f5bef2949e1bed29ec47395bfca9127d05516d0d26a066bc1925
docker-logrotate-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: e87127ba042e3f65832f8e0d7f1198adf000fe655bcec9bc74ee95a6a58b0ea2
docker-lvm-plugin-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 0ebdbf935d49e1c33221e975eed8c4a6e9cfbc1e8a420ecad0c43cb63175594e
docker-novolume-plugin-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: bfdd199c53bab3c1bfadfa33d9ca3af6589c1fccb63717f560199c986f207b34
docker-rhel-push-plugin-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 92b26d6621c03587c9d151b704c3e4670adc60214b597eae050367a2a089e18b
docker-v1.10-migrator-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 5becebb390e9fdba7cda68ceeeaa6f199628c3ee85e6dea66472996280d20107

Red Hat Enterprise Linux for Power, little endian 7

SRPM
docker-1.13.1-74.git6e3bb8e.el7.src.rpm SHA-256: ee6ab4a53a5d22190f202dd5099483e08fae6585a223da4c2f096c523c5be5a5
ppc64le
docker-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: fdd56a12da9757c818b9d7d63f4970cb9426bc66eaa04c55360e4d134bd30b6d
docker-client-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: d405fa7e76136576e1b1128b36cdd28526dd6bf68b2e44de0634e7781c404098
docker-common-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 30c7c54d9b42ae58a0f408202ea34ffd02a1b26c0c65a496f9839c0b9a0da0c5
docker-debuginfo-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 13b95a6727b4940d922a5e1c5cfc654efca170a127fb0edafc0f6c9e6a5b31b0
docker-logrotate-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 35d71ca72e98b819bb8224414488cc1c27fd111a106e8888ce37bde772130bf3
docker-lvm-plugin-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: d035aeaece345a2f407ed3736c159e219ca970c871d870fa3757fa386d403a1e
docker-novolume-plugin-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 0909fa0226b094ef0962c3fe6248643155727c967a70b3329675127e7c75ac8a
docker-rhel-push-plugin-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 4682b4e2bf1f6867816551e42c612eec58611266716ca0f852170f3a7bfba186
docker-v1.10-migrator-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: f5c5fe2fa523e9aa032c0ba179355e99d8617d7865229a9358dbc28c7462b438

Red Hat Enterprise Linux for Power 9 7

SRPM
docker-1.13.1-74.git6e3bb8e.el7.src.rpm SHA-256: ee6ab4a53a5d22190f202dd5099483e08fae6585a223da4c2f096c523c5be5a5
ppc64le
docker-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: fdd56a12da9757c818b9d7d63f4970cb9426bc66eaa04c55360e4d134bd30b6d
docker-client-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: d405fa7e76136576e1b1128b36cdd28526dd6bf68b2e44de0634e7781c404098
docker-common-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 30c7c54d9b42ae58a0f408202ea34ffd02a1b26c0c65a496f9839c0b9a0da0c5
docker-debuginfo-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 13b95a6727b4940d922a5e1c5cfc654efca170a127fb0edafc0f6c9e6a5b31b0
docker-logrotate-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 35d71ca72e98b819bb8224414488cc1c27fd111a106e8888ce37bde772130bf3
docker-lvm-plugin-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: d035aeaece345a2f407ed3736c159e219ca970c871d870fa3757fa386d403a1e
docker-novolume-plugin-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 0909fa0226b094ef0962c3fe6248643155727c967a70b3329675127e7c75ac8a
docker-rhel-push-plugin-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: 4682b4e2bf1f6867816551e42c612eec58611266716ca0f852170f3a7bfba186
docker-v1.10-migrator-1.13.1-74.git6e3bb8e.el7.ppc64le.rpm SHA-256: f5c5fe2fa523e9aa032c0ba179355e99d8617d7865229a9358dbc28c7462b438

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
docker-1.13.1-74.git6e3bb8e.el7.src.rpm SHA-256: ee6ab4a53a5d22190f202dd5099483e08fae6585a223da4c2f096c523c5be5a5
s390x
docker-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: d597c515c02f935c879f65368c2891ad08df6aee8fdeaf04c40c26d319893af1
docker-client-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 5494b96a327a41028b5e2ceb56c5ba9379e9facbfb9786fd7d3d82f9a0c2744c
docker-common-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 94b09c690eb6f3539a644f8c8ca5fe8b43ebba4787675fe33bed7518d46e7448
docker-debuginfo-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: a77db7085f20f5bef2949e1bed29ec47395bfca9127d05516d0d26a066bc1925
docker-logrotate-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: e87127ba042e3f65832f8e0d7f1198adf000fe655bcec9bc74ee95a6a58b0ea2
docker-lvm-plugin-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 0ebdbf935d49e1c33221e975eed8c4a6e9cfbc1e8a420ecad0c43cb63175594e
docker-novolume-plugin-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: bfdd199c53bab3c1bfadfa33d9ca3af6589c1fccb63717f560199c986f207b34
docker-rhel-push-plugin-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 92b26d6621c03587c9d151b704c3e4670adc60214b597eae050367a2a089e18b
docker-v1.10-migrator-1.13.1-74.git6e3bb8e.el7.s390x.rpm SHA-256: 5becebb390e9fdba7cda68ceeeaa6f199628c3ee85e6dea66472996280d20107

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter