- Issued:
- 2019-03-12
- Updated:
- 2019-03-12
RHSA-2019:0487 - Security Advisory
Synopsis
Low: docker security and bug fix update
Type/Severity
Security Advisory: Low
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for docker is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
Security Fix(es):
- docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus (CVE-2018-20699)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- docker runc 'panic: runtime error: invalid memory address or nil pointer dereference' (BZ#1556901)
- temp files in /var/lib/docker persist (BZ#1645591)
- Docker needs to support PIDs Limit for all containers created. (BZ#1660876)
- dockerd may leak memory resources if uncompressing a layer fails (BZ#1661443)
- Docker may not properly close hijacked streams (BZ#1668042)
- Director deployed OCP 3.11 deployment fails with openshift-ansible getting stuck when restarting docker service on master nodes (BZ#1671861)
- Docker service hang (BZ#1678096)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat Enterprise Linux for ARM 64 7 aarch64
- Red Hat Enterprise Linux for Power 9 7 ppc64le
- Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Fixes
- BZ - 1645591 - temp files in /var/lib/docker persist
- BZ - 1660876 - Docker needs to support PIDs Limit for all containers created.
- BZ - 1661443 - dockerd may leak memory resources if uncompressing a layer fails
- BZ - 1666565 - CVE-2018-20699 docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
- BZ - 1668042 - Docker may not properly close hijacked streams
- BZ - 1671861 - Director deployed OCP 3.11 deployment fails with openshift-ansible getting stuck when restarting docker service on master nodes
- BZ - 1678096 - Docker service hang
CVEs
Red Hat Enterprise Linux Server 7
SRPM | |
---|---|
docker-1.13.1-94.gitb2f74b2.el7.src.rpm | SHA-256: 15e8df46daa1a4c9b9269537ab18476c2e623a679cfba3628e6117bb5ab6aea4 |
x86_64 | |
docker-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: f6bc601f715c94417f4da52e468c310c0898c99af6c35544c2dd43fafedc66bb |
docker-client-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: 2b0dfec3ad8fc047142e3225f014c0b9a608093f402419bbacadc3b2fb5a5695 |
docker-common-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: dc8e26207975293d82d1979a3a376aad07c0f96c171f38732b3f717c6816063e |
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: 7ea43a32038b7ed09ce510fc252b7739c3f75eb3e0b9841127208cf1083fd301 |
docker-logrotate-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: 29500e6fdf31325f8761dd2d4346eb5c43244c7fe97259029cb8f37519edd700 |
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: 3a7c115027bb028baab7ccbf3167cda36b5ae25d657d7ab3c2e6df6993d821fd |
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: e399aaabc207d6175973f09491af485f6ad48f01c790377be866b109a2dc7688 |
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: 0e930c0b607001d8d3b763c7e874ada9f984551b8fdcec37be413f8b4b1e8a5f |
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.x86_64.rpm | SHA-256: 8f6458c5e4a52ab01be4b52a2a554a4362866cdf03e824d969e1da3340e3327f |
Red Hat Enterprise Linux for IBM z Systems 7
SRPM | |
---|---|
docker-1.13.1-94.gitb2f74b2.el7.src.rpm | SHA-256: 15e8df46daa1a4c9b9269537ab18476c2e623a679cfba3628e6117bb5ab6aea4 |
s390x | |
docker-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: ced254182702c608fa666af7966679151f1fb504831976281994f3db8aa36944 |
docker-client-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 7efb4c3073d354fd04f4c4ee9d9f407d26f0700c4bbf45450c15981412b5a4bd |
docker-common-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 27a114c361a868fcd037d15efade757f5395c7d09451473468dd6e68afc06990 |
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: a8104577154cb6d1e033d7ca17d8e0ca2c2dba056ad214451adf3f204493367e |
docker-logrotate-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 97de996ccd072a3cc675121fbc10cfb85391734c10d285a7bd0600ec9dbd875e |
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 10739efa4b4e626b96a149320b1ca9d36a33a77988734edde8e6032e9a148e61 |
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 8eb8f8c19cf125b17635fbc19ba262776b41ec30f6ad5156144061a1925a1bd6 |
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 254965ff4efb8b29ea8661f2f80e5f4cd83bcae6a92e27f057845e039f9834f1 |
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 5e730e4e6fd04b72ffa360060952458a11f08cd390d749659607c38882c216f3 |
Red Hat Enterprise Linux for Power, little endian 7
SRPM | |
---|---|
docker-1.13.1-94.gitb2f74b2.el7.src.rpm | SHA-256: 15e8df46daa1a4c9b9269537ab18476c2e623a679cfba3628e6117bb5ab6aea4 |
ppc64le | |
docker-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 7398e19495f73a6e79e5a47577d4bee52c0dd3dce863c0a854d5bb7a29b6ba5b |
docker-client-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 85d82b3bbb6639d4c1d55b3d635b52c0b8d17a5264199ceae25d224bd1f29c4c |
docker-common-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 758e92af3d7f5d6317f732e78a65c5ed446b1c1ccf26bdce7ec1629839b14d0c |
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 6e0b454151842328a919f055de6dd07bd8b78eecdd0d418065bc6243d4aa7f6d |
docker-logrotate-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: be94cffb66c059584ec5887d0d4efe995eb82ec1ce490fceff456ae89ea2308a |
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: ba53af190aaf71bf2ded4892d5dba46e6cd4fe3a2a6fc5ab717a3dd9db24b064 |
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: c99e6d1d50a1fc4c5186f69387762d440696664def197bb37ec513310c325923 |
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: a4ca52b7f53802bff55073f8c44046babefa24faae3f797cae3da80d46e7d5ec |
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 327fe7ef2d937ccbfe435b950fedc591699c5a46e6edd0b46d80de011141fe97 |
Red Hat Enterprise Linux for ARM 64 7
SRPM | |
---|---|
docker-1.13.1-94.gitb2f74b2.el7.src.rpm | SHA-256: 15e8df46daa1a4c9b9269537ab18476c2e623a679cfba3628e6117bb5ab6aea4 |
aarch64 | |
docker-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: 7065236c7d8a18b9333790ff5f3106321dfe795cd6d1b64428aa7ad2045399f3 |
docker-client-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: 6838d7f1bf59aed3efcc11c8fc98501b8b2bb4a8ab490e293b0bd2011e0ed2e3 |
docker-common-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: 950207ba8d2259308a90b56daab2ead25a56dc79247f7e2e9cd99dcdb77c9b70 |
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: 31895dccbed67014dda343bbd60d1d8e1a78b92465a0689cdd87db67f34c1f80 |
docker-logrotate-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: 756b3d3174129d32aca352fd286d4e967cb0a85267cc66a079f357566789c353 |
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: 7ee5b71da66e34a7e71abc9e57bd4d4cf396b5790d66af3c7b3df60697077703 |
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: 335c83f82798c5c8c87e24be612baa350e630bd658c0d4cbfec2bcf6989c708a |
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: dd4bef07b70464d44e1117531fc2ca339c89470854186dffef532a7ec09e0671 |
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.aarch64.rpm | SHA-256: 65d7faa15e8a21f0e574b566c7871bfd776735acc2f93711bb66d06eb7ad44f6 |
Red Hat Enterprise Linux for Power 9 7
SRPM | |
---|---|
docker-1.13.1-94.gitb2f74b2.el7.src.rpm | SHA-256: 15e8df46daa1a4c9b9269537ab18476c2e623a679cfba3628e6117bb5ab6aea4 |
ppc64le | |
docker-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 7398e19495f73a6e79e5a47577d4bee52c0dd3dce863c0a854d5bb7a29b6ba5b |
docker-client-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 85d82b3bbb6639d4c1d55b3d635b52c0b8d17a5264199ceae25d224bd1f29c4c |
docker-common-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 758e92af3d7f5d6317f732e78a65c5ed446b1c1ccf26bdce7ec1629839b14d0c |
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 6e0b454151842328a919f055de6dd07bd8b78eecdd0d418065bc6243d4aa7f6d |
docker-logrotate-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: be94cffb66c059584ec5887d0d4efe995eb82ec1ce490fceff456ae89ea2308a |
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: ba53af190aaf71bf2ded4892d5dba46e6cd4fe3a2a6fc5ab717a3dd9db24b064 |
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: c99e6d1d50a1fc4c5186f69387762d440696664def197bb37ec513310c325923 |
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: a4ca52b7f53802bff55073f8c44046babefa24faae3f797cae3da80d46e7d5ec |
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm | SHA-256: 327fe7ef2d937ccbfe435b950fedc591699c5a46e6edd0b46d80de011141fe97 |
Red Hat Enterprise Linux for IBM System z (Structure A) 7
SRPM | |
---|---|
docker-1.13.1-94.gitb2f74b2.el7.src.rpm | SHA-256: 15e8df46daa1a4c9b9269537ab18476c2e623a679cfba3628e6117bb5ab6aea4 |
s390x | |
docker-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: ced254182702c608fa666af7966679151f1fb504831976281994f3db8aa36944 |
docker-client-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 7efb4c3073d354fd04f4c4ee9d9f407d26f0700c4bbf45450c15981412b5a4bd |
docker-common-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 27a114c361a868fcd037d15efade757f5395c7d09451473468dd6e68afc06990 |
docker-debuginfo-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: a8104577154cb6d1e033d7ca17d8e0ca2c2dba056ad214451adf3f204493367e |
docker-logrotate-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 97de996ccd072a3cc675121fbc10cfb85391734c10d285a7bd0600ec9dbd875e |
docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 10739efa4b4e626b96a149320b1ca9d36a33a77988734edde8e6032e9a148e61 |
docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 8eb8f8c19cf125b17635fbc19ba262776b41ec30f6ad5156144061a1925a1bd6 |
docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 254965ff4efb8b29ea8661f2f80e5f4cd83bcae6a92e27f057845e039f9834f1 |
docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.s390x.rpm | SHA-256: 5e730e4e6fd04b72ffa360060952458a11f08cd390d749659607c38882c216f3 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.