MGASA-2019-0180

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2019-0180.html
Import Source
https://advisories.mageia.org/MGASA-2019-0180.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0180
Related
Published
2019-05-19T11:27:30Z
Modified
2019-05-19T10:49:51Z
Summary
Updated docker packages fix security vulnerability
Details

Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:

CVE-2018-16873: cmd/go: remote command execution during "go get -u" (bsc#1118897) CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths (bsc#1118898) CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)

Non-security issues fixed for docker:

Disable leap based builds for kubic flavor (bsc#1121412) Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) Allow docker images larger then 23GB (bsc#1118990) Docker version update to version 18.09.0-ce (bsc#1115464)

References
Credits

Affected packages

Mageia:6 / docker

Package

Name
docker
Purl
pkg:rpm/mageia/docker?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.06.3-1.2.mga6

Ecosystem specific 

{
    "section": "core"
}