- Issued:
- 2019-03-12
- Updated:
- 2019-03-12
RHSA-2019:0487 - Low: docker security and bug fix update
Synopsis
Low: docker security and bug fix update
Type/Severity
Security Advisory Low
Topic
An update for docker is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.
Security Fix(es):
- docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus (CVE-2018-20699)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
docker runc 'panic: runtime error: invalid memory address or nil pointer dereference' (BZ#1556901)
-
temp files in /var/lib/docker persist (BZ#1645591)
-
Docker needs to support PIDs Limit for all containers created. (BZ#1660876)
-
dockerd may leak memory resources if uncompressing a layer fails (BZ#1661443)
-
Docker may not properly close hijacked streams (BZ#1668042)
-
Director deployed OCP 3.11 deployment fails with openshift-ansible getting stuck when restarting docker service on master nodes (BZ#1671861)
-
Docker service hang (BZ#1678096)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, little endian | 7 | ppc64le |
| Red Hat Enterprise Linux for Power 9 | 7 | ppc64le |
| Red Hat Enterprise Linux for IBM z Systems | 7 | s390x |
| Red Hat Enterprise Linux for IBM System z (Structure A) | 7 | s390x |
| Red Hat Enterprise Linux for ARM 64 | 7 | aarch64 |
| Red Hat Enterprise Linux Server | 7 | x86_64 |
Updated Packages
- docker-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-client-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-debuginfo-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
- docker-client-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
- docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-common-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-logrotate-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
- docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-client-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-common-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-common-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-1.13.1-94.gitb2f74b2.el7.src.rpm
- docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-debuginfo-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
- docker-client-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-debuginfo-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-logrotate-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-logrotate-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-rhel-push-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
- docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
- docker-logrotate-1.13.1-94.gitb2f74b2.el7.ppc64le.rpm
- docker-debuginfo-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-common-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
- docker-novolume-plugin-1.13.1-94.gitb2f74b2.el7.s390x.rpm
- docker-1.13.1-94.gitb2f74b2.el7.x86_64.rpm
- docker-v1.10-migrator-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
- docker-lvm-plugin-1.13.1-94.gitb2f74b2.el7.aarch64.rpm
Fixes
- This content is not included.BZ - 1645591
- This content is not included.BZ - 1660876
- This content is not included.BZ - 1661443
- This content is not included.BZ - 1666565
- This content is not included.BZ - 1668042
- This content is not included.BZ - 1671861
- This content is not included.BZ - 1678096
CVEs
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.