Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#63220 - [docker] [Security] privilege escalation (CVE-2018-15664)
Attached to Project:
Community Packages
Opened by Gabriel (Hotice321) - Wednesday, 17 July 2019, 22:19 GMT
Last edited by Sébastien Luttringer (seblu) - Sunday, 01 September 2019, 10:32 GMT
Opened by Gabriel (Hotice321) - Wednesday, 17 July 2019, 22:19 GMT
Last edited by Sébastien Luttringer (seblu) - Sunday, 01 September 2019, 10:32 GMT
|
DetailsSummary
======= The package docker is vulnerable to privilege escalation via CVE-2018-15664. Guidance ======== <give a short guidance for the maintainer.. what shall he/she do? include a patch? Just upgrade?> References ========== Gabriel https://security.archlinux.org/AVG-968 https://seclists.org/oss-sec/2019/q2/131 https://bugzilla.suse.com/show_bug.cgi?id=1096726 |
This task depends upon
Closed by Sébastien Luttringer (seblu)
Sunday, 01 September 2019, 10:32 GMT
Reason for closing: Upstream
Sunday, 01 September 2019, 10:32 GMT
Reason for closing: Upstream
https://github.com/docker/engine/commit/d089b639372a8f9301747ea56eaf0a42df24016a
https://github.com/docker/engine/commit/3029e765e241ea2b5249868705dbf9095bc4d529
Are you able to exploit CVE-2018-15664 in docker 1:18.09.7-1 ?