RHSA-2020:1234 - Security Advisory

Issued: 2020-03-31
Updated: 2020-03-31

Synopsis

Moderate: docker security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for docker is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.

Security Fix(es):

  • runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884)
  • proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
  • containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Whitelist statx(2) in docker (BZ#1784228)
  • Upgrading docker resulting into increase Systemd logs (BZ#1791870)
  • docker should be linked against gpgme-pthread (BZ#1792243)
  • docker cannot be updated to 108 on rhos13 as a container fails to start with "pivot_root invalid argument" error. (BZ#1795376)
  • OVS pods are unable to stop when running under docker version 1.13.1-108 (BZ#1796451)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1757214 - CVE-2019-16884 runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
  • BZ - 1784228 - Whitelist statx(2) in docker
  • BZ - 1792796 - CVE-2020-1702 containers/image: Container images read entire image manifest into memory
  • BZ - 1795376 - docker cannot be updated to 108 on rhos13 as a container fails to start with "pivot_root invalid argument" error.
  • BZ - 1795838 - CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
  • BZ - 1796451 - OVS pods are unable to stop when running under docker version 1.13.1-108

CVEs

  • CVE-2019-16884
  • CVE-2020-1702
  • CVE-2020-8945

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7

SRPM
docker-1.13.1-161.git64e9980.el7_8.src.rpm
x86_64
docker-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-client-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-common-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-debuginfo-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-logrotate-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-lvm-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-novolume-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
docker-1.13.1-161.git64e9980.el7_8.src.rpm
s390x
docker-1.13.1-161.git64e9980.el7_8.s390x.rpm
docker-client-1.13.1-161.git64e9980.el7_8.s390x.rpm
docker-common-1.13.1-161.git64e9980.el7_8.s390x.rpm
docker-debuginfo-1.13.1-161.git64e9980.el7_8.s390x.rpm
docker-logrotate-1.13.1-161.git64e9980.el7_8.s390x.rpm
docker-lvm-plugin-1.13.1-161.git64e9980.el7_8.s390x.rpm
docker-novolume-plugin-1.13.1-161.git64e9980.el7_8.s390x.rpm
docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8.s390x.rpm
docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 7

SRPM
docker-1.13.1-161.git64e9980.el7_8.src.rpm
ppc64le
docker-1.13.1-161.git64e9980.el7_8.ppc64le.rpm
docker-client-1.13.1-161.git64e9980.el7_8.ppc64le.rpm
docker-common-1.13.1-161.git64e9980.el7_8.ppc64le.rpm
docker-debuginfo-1.13.1-161.git64e9980.el7_8.ppc64le.rpm
docker-logrotate-1.13.1-161.git64e9980.el7_8.ppc64le.rpm
docker-lvm-plugin-1.13.1-161.git64e9980.el7_8.ppc64le.rpm
docker-novolume-plugin-1.13.1-161.git64e9980.el7_8.ppc64le.rpm
docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8.ppc64le.rpm
docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8.ppc64le.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
