
Security vulnerabilities in the Docker software package

==========================================================================
Ubuntu Security Notice USN-4103-2
August 19, 2019

Docker vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Docker could be made to crash or run programs as your login.

Software Description:
– docker.io: Linux container runtime

Details:

Jasiel Spelman discovered that a double free existed in the
docker-credential-helpers dependency of Docker. A local attacker could use
this to cause a denial of service (crash) or possibly execute arbitrary code.

Original advisory details:

Jasiel Spelman discovered that a double free existed in
docker-credential-helpers. A local attacker could use this to cause a denial
of service (crash) or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
docker.io 18.09.7-0ubuntu1~19.04.5

Ubuntu 18.04 LTS:
docker.io 18.09.7-0ubuntu1~18.04.4

Ubuntu 16.04 LTS:
docker.io 18.09.7-0ubuntu1~16.04.5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4103-2
https://usn.ubuntu.com/4103-1
CVE-2019-1020014

Package Information:
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~19.04.5
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.04.4
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.5


==========================================================================
Ubuntu Security Notice USN-4103-1
August 19, 2019

docker-credential-helpers vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04

Summary:

docker-credential-helpers could be made to crash or run programs as your login.

Software Description:
– golang-github-docker-docker-credential-helpers: Use native stores to safeguard
Docker credentials

Details:

Jasiel Spelman discovered that a double free existed in
docker-credential-helpers. A local attacker could use this to cause a denial
of service (crash) or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
golang-docker-credential-helpers 0.6.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4103-1
CVE-2019-1020014

Package Information:

https://launchpad.net/ubuntu/+source/golang-github-docker-docker-credential-helpers/0.6.1-1ubuntu0.1
