SUSE has issued an advisory today (June 18):
http://lists.suse.com/pipermail/sle-security-updates/2020-June/006974.html

The issue is fixed upstream in 19.03.11.

Red Hat has a link to the commit that fixed the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1833233
pushed in mga7 updates_testing: docker-18.09.9-1.1.mga7
Assignee: bruno => qa-bugs
CC: (none) => mageia
Advisory:
========================

Updated docker packages fix security vulnerability:

A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the host network or another container (CVE-2020-13401).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401
https://bugzilla.redhat.com/show_bug.cgi?id=1833233
========================

Updated packages in core/updates_testing:
========================
docker-18.09.9-1.1.mga7
docker-devel-18.09.9-1.1.mga7
docker-fish-completion-18.09.9-1.1.mga7
docker-logrotate-18.09.9-1.1.mga7
docker-unit-test-18.09.9-1.1.mga7
docker-vim-18.09.9-1.1.mga7
docker-zsh-completion-18.09.9-1.1.mga7
docker-nano-18.09.9-1.1.mga7

from docker-18.09.9-1.1.mga7.src.rpm
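One way to check the setting the advisory describes, as an added example that is not part of this bug report or of the Docker or Mageia code: it reads the kernel's per-interface accept_ra and forwarding sysctls for Docker bridge interfaces. The bridge name patterns (docker0, br-*), the CONF_ROOT override and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report Docker bridge interfaces that still accept IPv6
# router advertisements (the behaviour behind CVE-2020-13401).
# Assumptions: bridges are named docker0 or br-*; CONF_ROOT can be
# overridden to run the check against a copied or constructed sysctl tree.

CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv6/conf}"

# ra_state IFACE -> prints "off", "conditional", "on" or "unknown"
#   accept_ra=0               -> RAs are ignored
#   accept_ra=1, forwarding=1 -> ignored only while forwarding stays enabled
#   accept_ra=1, forwarding=0 -> RAs are accepted
#   accept_ra=2               -> RAs are accepted even with forwarding enabled
ra_state() {
    ifdir="$CONF_ROOT/$1"
    [ -r "$ifdir/accept_ra" ] || { echo "unknown"; return 0; }
    ra=$(cat "$ifdir/accept_ra")
    # A missing forwarding file is treated as forwarding disabled.
    fwd=$(cat "$ifdir/forwarding" 2>/dev/null || echo 0)
    case "$ra" in
        0) echo "off" ;;
        1) if [ "$fwd" = "0" ]; then echo "on"; else echo "conditional"; fi ;;
        *) echo "on" ;;
    esac
}

# list_exposed_bridges -> one "IFACE STATE" line per Docker bridge whose
# state is not "off"; prints nothing when every bridge ignores RAs.
list_exposed_bridges() {
    for dir in "$CONF_ROOT"/docker0 "$CONF_ROOT"/br-*; do
        [ -d "$dir" ] || continue   # unmatched glob or bridge not present
        iface=${dir##*/}
        state=$(ra_state "$iface")
        [ "$state" = "off" ] || echo "$iface $state"
    done
}

list_exposed_bridges
```

An empty report means every Docker bridge found has accept_ra set to 0; a "conditional" line marks a bridge that would start accepting advertisements if forwarding were turned off on it.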
mageia7, x64

Updates installed OK. Cannot make anything of the issue this bug deals with.
Utility test following earlier docker tests: bugs: https://bugs.mageia.org/show_bug.cgi?id=24374 and https://bugs.mageia.org/show_bug.cgi?id=25374.

Started docker dæmon.
$ sudo systemctl start docker
$ systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor pre>
   Active: active (running) since Sun 2020-06-21 23:04:38 BST; 17s ago
     Docs: http://docs.docker.com
....
$ sudo usermod -aG docker lcl
Logged out and in.
$ id
uid=1000(lcl) gid=1000(lcl) groups=1000(lcl),956(docker)
$ sudo systemctl restart docker
$ docker version
Client:
 Version: 18.09.0-dev
 API version: 1.39
 Go version: go1.12.17
[...]
Server:
 Engine:
  Version: 18.09.9
  API version: 1.39 (minimum version 1.12)
....
$ go version
go version go1.12.17 linux/amd64

$ docker run debian echo "Hello World"
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
e9afc4f90ab0: Pull complete
Digest: sha256:46d659005ca1151087efa997f1039ae45a7bf7a2cbbe2d17d3dcbda632a3ee9a
Status: Downloaded newer image for debian:latest
Hello World

$ docker run -h Debby -i -t debian /bin/bash
root@Debby:/# echo "Message from shell Debby in container debian"
Message from shell Debby in container debian
root@Debby:/# mv /bin /basket
root@Debby:/# ls
bash: ls: command not found
root@Debby:/# mv /basket /bin
bash: /bin/mv: No such file or directory
root@Debby:/# exit
exit
$ docker run -h Debby -i -t debian /bin/bash
root@Debby:/# ls
bin   dev  home  lib64  mnt  proc  run   srv  tmp  var
boot  etc  lib   media  opt  root  sbin  sys  usr

From another terminal:
$ docker ps
CONTAINER ID   IMAGE    COMMAND       CREATED              STATUS              PORTS   NAMES
6904a31f2761   debian   "/bin/bash"   About a minute ago   Up About a minute           stoic_haslett
$ docker inspect stoic_haslett
[
    {
        "Id": "6904a31f2761f4b3aa3af80e7a3b09ed3e95daa869738c82a06d32b4baba3a05",
        "Created": "2020-06-21T22:24:38.119481243Z",
        "Path": "/bin/bash",
<lots of information>
$
$ docker inspect stoic_haslett | egrep "MacAddress|IPAddress"
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
            "MacAddress": "02:42:ac:11:00:02",
                    "IPAddress": "172.17.0.2",
                    "MacAddress": "02:42:ac:11:00:02",
$ docker ps -a
CONTAINER ID   IMAGE    COMMAND                CREATED          STATUS                        PORTS   NAMES
6904a31f2761   debian   "/bin/bash"            10 minutes ago   Up 10 minutes                         stoic_haslett
9eba09a118f0   debian   "/bin/bash"            16 minutes ago   Exited (127) 13 minutes ago           determined_wilson
2990742378f8   debian   "echo 'Hello World'"   17 minutes ago   Exited (0) 17 minutes ago             priceless_banach
$ docker rm 9eba09a118f0
9eba09a118f0
$ docker rm 2990742378f8
2990742378f8
$ docker ps -a
CONTAINER ID   IMAGE    COMMAND       CREATED          STATUS          PORTS   NAMES
6904a31f2761   debian   "/bin/bash"   12 minutes ago   Up 12 minutes           stoic_haslett

$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

$ docker images
REPOSITORY    TAG      IMAGE ID       CREATED        SIZE
debian        latest   1b686a95ddbf   12 days ago    114MB
hello-world   latest   bf756fb1ae65   5 months ago   13.3kB
$ docker pull fedora
Using default tag: latest
latest: Pulling from library/fedora
4c69497db035: Pull complete
Digest: sha256:ee55117b3058f2f12961184fae4b9c392586e400487626c6bd0d15b4eae94ecc
Status: Downloaded newer image for fedora:latest
$ docker ps -a | grep fedora
$
$ docker run -ti fedora:latest /bin/bash
[root@be99974599e8 /]# dnf install ruby
Fedora Modular 31 - x86_64              1.6 MB/s | 5.2 MB     00:03
Fedora Modular 31 - x86_64 - Updates    1.6 MB/s | 4.1 MB     00:02
Fedora 31 - x86_64 - Updates            4.1 MB/s |  26 MB     00:06
Fedora 31 - x86_64                      4.1 MB/s |  71 MB     00:17
Last metadata expiration check: 0:00:01 ago on Sun Jun 21 22:44:14 2020.
Dependencies resolved.
================================================================================
 Package                  Arch      Version            Repository   Size
================================================================================
Installing:
 ruby                     x86_64    2.6.6-125.fc31     updates      40 k
Installing dependencies:
 ruby-libs                x86_64    2.6.6-125.fc31     updates     3.0 M
 rubygem-irb              noarch    1.0.0-125.fc31     updates      62 k
 rubygem-json             x86_64    2.2.0-202.fc31     updates      57 k
 rubygem-psych            x86_64    3.1.0-125.fc31     updates      49 k
 rubypick                 noarch    1.1.1-11.fc31      fedora      9.8 k
Installing weak dependencies:
 rubygem-bigdecimal       x86_64    1.4.1-125.fc31     updates      55 k
 rubygem-did_you_mean     noarch    1.3.0-125.fc31     updates      35 k
 rubygem-io-console       x86_64    0.4.7-125.fc31     updates      20 k
 rubygem-openssl          x86_64    2.1.2-125.fc31     updates     151 k
 rubygem-rdoc             noarch    6.1.2-125.fc31     updates     406 k
 rubygems                 noarch    3.0.3-125.fc31     updates     245 k

Transaction Summary
================================================================================
Install  12 Packages

Total download size: 4.1 M
Installed size: 15 M
Is this ok [y/N]: y
[...]
[root@be99974599e8 /]# irb
irb(main):001:0> 1.upto( 16 ).inject( :+ )
=> 136
irb(main):002:0> exit
# dnf install tcsh
Last metadata expiration check: 0:06:57 ago on Sun Jun 21 22:44:14 2020.
Dependencies resolved.
[...]
Complete!
[root@be99974599e8 /]# exit
exit
$ docker ps -a
CONTAINER ID   IMAGE           COMMAND       CREATED          STATUS                        PORTS   NAMES
be99974599e8   fedora:latest   "/bin/bash"   10 minutes ago   Exited (127) 21 seconds ago           elastic_spence
1191cd742ca9   fedora:latest   "/bin/fish"   11 minutes ago   Created                               recursing_lamport
39b52a3e7714   hello-world     "/hello"      15 minutes ago   Exited (0) 15 minutes ago             inspiring_chatterjee
6904a31f2761   debian          "/bin/bash"   29 minutes ago   Exited (0) 13 minutes ago             stoic_haslett

Everything seems to work at this basic level. Creating docker images is another chapter.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Sorry - forgot the cowsay test.

$ docker run -it --name cowsay --hostname cowsay debian bash
root@cowsay:/# apt-get update
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [121 kB]
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://security.debian.org/debian-security buster/updates/main amd64 Packages [204 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7905 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [7868 B]
Fetched 8355 kB in 3s (3087 kB/s)
Reading package lists... Done
root@cowsay:/# apt-get install -y cowsay fortune
[...]
Setting up cowsay (3.03+dfsg2-6) ...
Processing triggers for libc-bin (2.28-10) ...
root@cowsay:/# /usr/games/fortune | /usr/games/cowsay
 _____________________________________
< You will be divorced within a year. >
 -------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
root@cowsay:/#

Fortunately the up arrow works...

root@cowsay:/# /usr/games/fortune | /usr/games/cowsay
 _______________________________________
/ Kindness is a language which the deaf \
| can hear and the blind can read.      |
|                                       |
\ -- Mark Twain                         /
 ---------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
root@cowsay:/# exit
exit
The cowsay test. I'll have to remember that one. Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
openSUSE has issued an advisory for this today (June 23): https://lists.opensuse.org/opensuse-updates/2020-06/msg00090.html
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0279.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED