Fedora has issued advisories on January 31: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LYP4H4PVCY43Z7LGZZQJ24SVGS54BVKQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OIWWVHLS6Z45DMYJCXKISOYBHROLVWLD/ The issue is fixed upstream in 18.09.
Depends on: (none) => 24253
Do you want mte to backport 18.09 ? That would require some other packages as well (runc, and probably some dependencies, maybe including go IIRC). I have all these updates made for my own mga6 distro I run, so feasible pretty easily, but ask to see whether I pass the time or if an individual fix would be sufficient such as the one described here: https://github.com/docker/engine/pull/69 Let me know and will work on one or the other.
Status: NEW => ASSIGNED
Whatever is easier for you would be fine.
Ok, so lazy as I am I just applied the patch and rebuilt and pushed to updates_testing docker-18.06.1-1.2.mga6
Assignee: bruno => qa-bugs
Advisory: ======================== Updated docker packages fix security vulnerability: Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go (CVE-2018-20699). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LYP4H4PVCY43Z7LGZZQJ24SVGS54BVKQ/ ======================== Updated packages in core/updates_testing: ======================== docker-18.06.1-1.2.mga6 docker-devel-18.06.1-1.2.mga6 docker-fish-completion-18.06.1-1.2.mga6 docker-logrotate-18.06.1-1.2.mga6 docker-unit-test-18.06.1-1.2.mga6 docker-vim-18.06.1-1.2.mga6 docker-zsh-completion-18.06.1-1.2.mga6 docker-nano-18.06.1-1.2.mga6 from docker-18.06.1-1.2.mga6.src.rpm
CC: (none) => bruno
mga6, x86_64 Checked CVE-2018-20699 to see if the vulnerability could be triggered easily. There is no example of how to use the command-line parameters so have skipped that part and updated the packages. docker was already installed for a previous QA test as was an image of the debian OS. User is a member of the docker group. Running through a tutorial currently. So far everything has worked fine, including linking two docker images. Report later.
CC: (none) => tarazed25
Created attachment 10737 [details] Basic introduction to docker commands The report is just a list of docker commands which have been tried.
Reached page 43 of the docker manual. The help system lists the available commands, for which further help is often available. The attached report covers my attempt to familiarize myself with the docker command set, run as a terminal session. As far as it goes it shows that docker is working as expected. Note that since the documentation used is an e-book it is probably advisable not to expose the contents any further. If anybody needs it you would find it easily enough online, or else email me for the name and publisher.
Whiteboard: (none) => MGA6-64-OK
Maybe another time, that Lab I made could be used: https://github.com/bcornec/Labs/tree/master/Docker
Yes, even better. We should bookmark that. Thanks Bruno.
General comment for future testers and adopters. Have just installed Bruno's Lab and would recommend its use as it follows similar lines as the ebook I was using, at least at the start.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0076.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED