Bug 27709 - docker new security issue CVE-2020-15257
Summary: docker new security issue CVE-2020-15257
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Bruno Cornec
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 28282
Blocks:
Reported: 2020-12-02 16:24 CET by David Walser
Modified: 2021-07-01 18:24 CEST

See Also:
Source RPM: docker-18.09.9-1.2.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2020-12-02 16:24:09 CET
Docker 19.03.14 has been released on December 1, fixing a security issue:
https://github.com/docker/docker-ce/blob/v19.03.14/CHANGELOG.md

More details:
https://www.openwall.com/lists/oss-security/2020/11/30/6
https://ubuntu.com/security/notices/USN-4653-1

David Walser 2020-12-02 16:24:15 CET

Whiteboard: (none) => MGA7TOO

Comment 1 David Walser 2020-12-03 15:58:08 CET
docker-19.03.14-1.mga8 uploaded for Cauldron by Bruno.

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

Comment 2 Bruno Cornec 2020-12-03 19:26:04 CET
Thanks David! I've also now pushed docker-containerd as the issue is related to that component. I need to check whether the code is in fact also embedded into docker itself or not, as for mga7 that would change stuff.

David Walser 2021-02-02 20:57:44 CET

Depends on: (none) => 28282

Comment 3 David Walser 2021-02-28 15:13:00 CET
Debian has issued an advisory for this on February 27:
https://www.debian.org/security/2021/dsa-4865

Comment 4 Morgan Leijström 2021-06-06 16:43:31 CEST
(In reply to David Walser from comment #1)
> docker-19.03.14-1.mga8 uploaded for Cauldron by Bruno.

At that time Cauldron was Mageia 8, which is now released...

Newer 19.03.15-1.mga8 is in Core Release, from Bug 28282 apparently.

So I guess this bug can be closed fixed, unless there is stuff to be done/tested for comment 2?

And now 20.10.5-1.mga8 is in Core Updates Testing, Bug 27251

CC: (none) => fri

Comment 5 Morgan Leijström 2021-06-06 16:49:04 CEST
Ah, this bug is set for mga7 only, latest in mga7 updates is
docker-18.09.9-1.2.mga7, and no docker in mga7 updates testing.

There are only three weeks left of mga7 support.

Comment 6 David Walser 2021-07-01 18:24:52 CEST
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED
