Synopsis: Moderate: docker security and bug fix update
Advisory ID: SLSA-2020:1234-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-16884
CVE-2020-8945
CVE-2020-1702
—
* runc: AppArmor/SELinux bypass with malicious image that specifies a
volume at /proc
* proglottis/gpgme: Use-after-free in GPGME bindings during container image
pull
* containers/image: Container images read entire image manifest into memory
—
SL7
x86_64
docker-novolume-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-lvm-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-common-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-logrotate-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-client-1.13.1-161.git64e9980.el7_8.x86_64.rpm
docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8.x86_64.rpm
– Scientific Linux Development Team
