You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Docker

Sigurnosni nedostaci programskog paketa Docker

==========================================================================
Ubuntu Security Notice USN-4048-1
July 08, 2019

Docker vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Docker could be made to overwrite files as the administrator.

Software Description:
– docker.io: Linux container runtime

Details:

Aleksa Sarai discovered that Docker was vulnerable to a directory traversal
attack. An attacker could use this vulnerability to read and write arbitrary
files on the host filesystem as root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
docker.io 18.09.7-0ubuntu1~19.04.4

Ubuntu 18.10:
docker.io 18.09.7-0ubuntu1~18.10.3

Ubuntu 18.04 LTS:
docker.io 18.09.7-0ubuntu1~18.04.3

Ubuntu 16.04 LTS:
docker.io 18.09.7-0ubuntu1~16.04.4

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/4048-1
CVE-2018-15664, CVE-2019-5736

Package Information:
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~19.04.4
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.10.3
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~18.04.3
https://launchpad.net/ubuntu/+source/docker.io/18.09.7-0ubuntu1~16.04.4

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl0jbhAACgkQdyg1Qz0o
XX2u7A/+J2djstlGcpM+2q6KZxzRRApwTM69q+wh2p6VCFrhLRB3aqGwiBOtcJrh
EQCVXw6rdqeoadNoLh4T1+Y7m1FSW/Pb0OPs73O39/KV5vXWoyYNJfjioileODIw
egkGXs9yaXRQy0EIbPoIDJjV/6qGPNWUBqO3GqR5axZoIW2nbnBdPAU5bo/uR4yI
kcrFhFruJxxxQzUKMHYsv8/q+C/UOF6kKsIUPJIDaG/2hXkyz6C6LsgQAwRe46hX
de1/hZJphtfHo0gLMGZ+uzwnMgVDN1uQDgqMVnOV8B7nuvrAym+NtqyhwQN8sC5Q
Vo+PapMpewRYhfTy+N/7ePCUFzvp5Bgq50eC/aF20TPFDk96xMdfJc7hAJvCm7PQ
NssYUIbTNC/K1xjVvtoA86eFCOaFmS2qC3vXzdkQJmtLazd8fRytwskWpL5QjD4H
RJpIWLpIp38VjEYLd5gTmNvfH/9zq7KlK2zPKcR8ZSc33/JK/SecT6UEOL3BF7AL
EmC7jhjFTwug2ol9/mfP1YbEESMMx9qp2DO5P8SRWM75MYZ2EHtAds3v+FqybUwX
EBmYi4OqSkixLKSrCoDSF+suHD/ktjBKA+qL3fb+S9qiqWDZrOFwE9UzbLONL8UL
DZJg6i7zDinO0ylqrRSuYrWbk9v3IaaSCXyiiKt1t1MepdCDyiQ=
=zerJ
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa apport

Otkriven je sigurnosni nedostatak u programskom paketu apport za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close