Issued:
2019-02-11
Updated:
2019-02-11

RHSA-2019:0304 - Security Advisory

Synopsis

Important: docker security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for docker is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.

Security Fix(es):

  • A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736)

Additional details about this flaw, including mitigation information, can be found in the vulnerability article linked from the Reference section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1664908 - CVE-2019-5736 runc: Execution of malicious containers allows for container escape and access to host filesystem

Red Hat Enterprise Linux Server 7

SRPM
docker-1.13.1-91.git07f3374.el7.src.rpm SHA-256: e37ddf2764f2008fa94643d885f05ab4f7061692ec338a89d7534b843a16abb2
x86_64
docker-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: 61cf3574f8d9e8d32c4b8ed1ea46ac09be52472a67bd536a93970b44f058a7ca
docker-client-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: 92cee3ebeeb018c67ae3574946ee603f9305544fe6a2e196cabd20ab85f05dd8
docker-common-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: 21ee82825660695a84da3f7e4b0b9a70812f6a791b26babca9ba6808ece025f0
docker-debuginfo-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: ae3cc1ca27c48a6846406216b91a47153da762349efbc6f19693f498d64ab637
docker-logrotate-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: fa6f94451a98525d44683275fa9b54710273fa90426ab1087aea3c5ad73d0fe0
docker-lvm-plugin-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: a1da0a747363423a13c433e1b79b0ac3b18bda7dfd09c38d8c90646c5cada2d6
docker-novolume-plugin-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: 57374c1bde3033ab5aa977e15cf20f4f2e7dc30fc76a5651aeecb681012e3a00
docker-rhel-push-plugin-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: 29d1d8891bebb9b56859a0faf3243b1e52bdf5599fd926323d6745afca76d0b2
docker-v1.10-migrator-1.13.1-91.git07f3374.el7.x86_64.rpm SHA-256: 1303ee51e95c967a923cda2f3185a06884c3811ac56eb238a3762fb4f7e265dd

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
docker-1.13.1-91.git07f3374.el7.src.rpm SHA-256: e37ddf2764f2008fa94643d885f05ab4f7061692ec338a89d7534b843a16abb2
s390x
docker-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 6ad365dbb5188ff3bd2cdd6da8762b652735881d211f8e0a195214a6fb3ffb91
docker-client-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 71a3338ff5f062d02f836198c2cc43d52577e101943c95fe72f23bcc68484b28
docker-common-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: ad1bc319c5c9ccb4622d690a8c565e947cafbda72c3e703c0795f31a446304dd
docker-debuginfo-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 250ca66a2e0cbbdf0056d0131a00fc090cf3d7a0127dfdb89f71c671e1aa8f84
docker-logrotate-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: a8b32ae60724876449c651248b3c13e0291dde70e03bceb278ae7e578d8383b3
docker-lvm-plugin-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 0a2414acf3e4a4666bc44b7e27fd4e1ab233732c8f95411003e537137f4b2514
docker-novolume-plugin-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: d20d7def6d440eec73fd51282552cb05a9cc67db402515f98eb9445755c3ec37
docker-rhel-push-plugin-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 1f24a17f29de9bc54442e2c28cad11a9e41909f642a2af82a9fe345107f095a7
docker-v1.10-migrator-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 9caccaafb18c43156f93ea7eee79706521a0d29cd64ff23e37e3c9266b73f67a

Red Hat Enterprise Linux for Power, little endian 7

SRPM
docker-1.13.1-91.git07f3374.el7.src.rpm SHA-256: e37ddf2764f2008fa94643d885f05ab4f7061692ec338a89d7534b843a16abb2
ppc64le
docker-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: edfdd59d190b9da96c3e25d9813545ffc1e9cc5488a6e8b15f7adf96f58fd7b9
docker-client-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 1e5b021c4f77a86c903a9387f65e1053baf40af715566aa242fa248c5bbe1273
docker-common-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 71c00791837385057d87abcb4053559907b68c93686b87dbb211a885ca15dc4f
docker-debuginfo-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: fc088b7a806e1cd23003586dbfc14176c35788ae4056437ffc8ec54aed579537
docker-logrotate-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 636fc5fe97c93201d0089a592995acff841ae62b202829b3cda83a13adfd95e7
docker-lvm-plugin-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 8fafecd4b370fdac3d3b1b9f8fa6a734fdf8077fdbe5da8b6960d5496c188e14
docker-novolume-plugin-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: a22941625922d3f101329fb6be44b02728e648a7385da2b892cb6c4e822f3464
docker-rhel-push-plugin-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 1ed84d820845b5b41b4aa48bfb6313b7b857eb62faf4e4b29409e0d3bd2233fb
docker-v1.10-migrator-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: ece1909633466c9a434c15bb97765fa5398f534235c32f45f1c1643215203fb1

Red Hat Enterprise Linux for ARM 64 7

SRPM
docker-1.13.1-91.git07f3374.el7.src.rpm SHA-256: e37ddf2764f2008fa94643d885f05ab4f7061692ec338a89d7534b843a16abb2
aarch64
docker-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: 31840c8b105c43eec3d88e245b9159c66cbfa8daf8006178238e0d16fb522f4f
docker-client-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: b40980d88a6a19404a93489c61e1607647533f0fc20a25370d1d0ff5c62fb028
docker-common-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: 15d67f49145d2aac2aec0c0b94299a3201afa8caf5e1656508b6516d3f8fa92d
docker-debuginfo-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: 5513f6393817143fcdf3e2178fe60c1acc438248fac3d058cd17f7685514e407
docker-logrotate-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: d4df780bf4da08d9e074a4e9be63ad8729b008d6bba6e06e09b4060d498efac1
docker-lvm-plugin-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: ff7603f9a9a89ea1326907facd345cb76fb2e2c60bef7ec81db102e8a7802fc5
docker-novolume-plugin-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: 2ef7c4b75d03be3500cee4a3474b7deb1f454aae8f2c6ec487ab218fbfa4053d
docker-rhel-push-plugin-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: 44c1815626eff936dfe9cc2c4c7f1bcb7b90afb7bd114c68f719b6027795c9e3
docker-v1.10-migrator-1.13.1-91.git07f3374.el7.aarch64.rpm SHA-256: 003858907fc9796866da009f744268b413b4c638bf8fdec60aabb9d6c2ffeb86

Red Hat Enterprise Linux for Power 9 7

SRPM
docker-1.13.1-91.git07f3374.el7.src.rpm SHA-256: e37ddf2764f2008fa94643d885f05ab4f7061692ec338a89d7534b843a16abb2
ppc64le
docker-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: edfdd59d190b9da96c3e25d9813545ffc1e9cc5488a6e8b15f7adf96f58fd7b9
docker-client-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 1e5b021c4f77a86c903a9387f65e1053baf40af715566aa242fa248c5bbe1273
docker-common-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 71c00791837385057d87abcb4053559907b68c93686b87dbb211a885ca15dc4f
docker-debuginfo-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: fc088b7a806e1cd23003586dbfc14176c35788ae4056437ffc8ec54aed579537
docker-logrotate-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 636fc5fe97c93201d0089a592995acff841ae62b202829b3cda83a13adfd95e7
docker-lvm-plugin-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 8fafecd4b370fdac3d3b1b9f8fa6a734fdf8077fdbe5da8b6960d5496c188e14
docker-novolume-plugin-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: a22941625922d3f101329fb6be44b02728e648a7385da2b892cb6c4e822f3464
docker-rhel-push-plugin-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: 1ed84d820845b5b41b4aa48bfb6313b7b857eb62faf4e4b29409e0d3bd2233fb
docker-v1.10-migrator-1.13.1-91.git07f3374.el7.ppc64le.rpm SHA-256: ece1909633466c9a434c15bb97765fa5398f534235c32f45f1c1643215203fb1

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
docker-1.13.1-91.git07f3374.el7.src.rpm SHA-256: e37ddf2764f2008fa94643d885f05ab4f7061692ec338a89d7534b843a16abb2
s390x
docker-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 6ad365dbb5188ff3bd2cdd6da8762b652735881d211f8e0a195214a6fb3ffb91
docker-client-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 71a3338ff5f062d02f836198c2cc43d52577e101943c95fe72f23bcc68484b28
docker-common-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: ad1bc319c5c9ccb4622d690a8c565e947cafbda72c3e703c0795f31a446304dd
docker-debuginfo-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 250ca66a2e0cbbdf0056d0131a00fc090cf3d7a0127dfdb89f71c671e1aa8f84
docker-logrotate-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: a8b32ae60724876449c651248b3c13e0291dde70e03bceb278ae7e578d8383b3
docker-lvm-plugin-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 0a2414acf3e4a4666bc44b7e27fd4e1ab233732c8f95411003e537137f4b2514
docker-novolume-plugin-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: d20d7def6d440eec73fd51282552cb05a9cc67db402515f98eb9445755c3ec37
docker-rhel-push-plugin-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 1f24a17f29de9bc54442e2c28cad11a9e41909f642a2af82a9fe345107f095a7
docker-v1.10-migrator-1.13.1-91.git07f3374.el7.s390x.rpm SHA-256: 9caccaafb18c43156f93ea7eee79706521a0d29cd64ff23e37e3c9266b73f67a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.