==========================================================================
Ubuntu Security Notice USN-4103-2
August 19, 2019
Docker vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Docker could be made to crash or run programs as your login.
Software Description:
– docker.io: Linux container runtime
Details:
Jasiel Spelman discovered that a double free existed in the
docker-credential-helpers dependency of Docker. A local attacker could use
this to cause a denial of service (crash) or possibly execute arbitrary code.
Original advisory details:
Jasiel Spelman discovered that a double free existed in
docker-credential-helpers. A local attacker could use this to cause a
denial of service (crash) or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
docker.io 18.09.7-0ubuntu1~19.04.5
Ubuntu 18.04 LTS:
docker.io 18.09.7-0ubuntu1~18.04.4
Ubuntu 16.04 LTS:
docker.io 18.09.7-0ubuntu1~16.04.5
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4103-2
https://usn.ubuntu.com/4103-1
CVE-2019-1020014
Package Information:
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~19.04.5
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.04.4
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.5
==========================================================================
Ubuntu Security Notice USN-4103-1
August 19, 2019
docker-credential-helpers vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
Summary:
docker-credential-helpers could be made to crash or run programs as your login
Software Description:
– golang-github-docker-docker-credential-helpers: Use native stores to safeguard
Docker credentials
Details:
Jasiel Spelman discovered that a double free existed in
docker-credential-helpers. A local attacker could use this to cause a
denial of service (crash) or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
golang-docker-credential-helpers 0.6.1-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4103-1
CVE-2019-1020014
Package Information:
https://launchpad.net/ubuntu/+source/golang-github-docker-docker-credential-helpers/0.6.1-1ubuntu0.1