Advisories » MGASA-2019-0076

Updated docker packages fix security vulnerability

Publication date: 13 Feb 2019
Modification date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-20699

Description

Docker Engine before 18.09 allows attackers to cause a denial of service
(dockerd memory consumption) via a large integer in a --cpuset-mems or
--cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go,
and pkg/sysinfo/sysinfo.go (CVE-2018-20699).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24289
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LYP4H4PVCY43Z7LGZZQJ24SVGS54BVKQ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699

SRPMS

6/core

• docker-18.06.1-1.2.mga6