Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5739)

High Nessus Plugin ID 137821

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

docker-cli [19.03.11-4]
- added patch for registry list

[19.03.11-3]
- update to 19.03.11 for CVE-2020-13401

[19.03.1-1.0.0]
- update to 19.03.1

[19.03-0.0.1]
- update to 19.03

[18.09.1-1.0.6]
- disable kmem accounting for UEKR4

[18.09.1-1.0.5]
- apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736

[18.09.1-1.0.4]
- fix authentication error when using docker hub and using --default-registry

[18.09.1-1.0.3]
- fix authentication errors when using docker hub

[18.09-1.0.0]
- rename to docker-cli

[18.09-0.0.1]
- merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch

docker-engine [19.03.11-4]
- added patch for registry list

[19.03.11-3]
- update to 19.03.11 for CVE-2020-13401

[19.03.1-1.0.0]
- update to 19.03.1

[19.03-0.0.1]
- update to 19.03

[18.09.1-1.0.6]
- disable kmem accounting for UEKR4

[18.09.1-1.0.5]
- apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736

[18.09.1-1.0.4]
- fix authentication error when using docker hub and using --default-registry

[18.09.1-1.0.3]
- fix authentication errors when using docker hub

[18.09.1-1.0.2]
- use epoch in container-selinux dependency

[18.09.1-1.0.1]
- fix 'docker cp doesn't work for btrfs' (OLM-158)
- update build to Go 1.10.8

[18.09.1-1.0.0]
- update to 18.09.1

[18.09-1.0.0]
- rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives

[18.09-0.0.1]
- merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch

[18.03.1.ol-0.0.7]
- fix [orabug 28452214] and [orabug 28461404]

[18.03.1.ol-0.0.6]
- obsolete/provide the docker package [orabug 28216396]
- Fix docker plugin reference resolution [orabug 28376247]

[18.03.1.ol-1.0.4]
- Fixed issue where RPM overwrites config files

[17.12.0.ol-1.0.1]
- Update docker-engine package for upstream 17.12.0

[17.09.1.ol-1.0.2]
- Update docker-engine package for upstream 17.09.1

[17.06.2.ol-1.0.1]
- Update docker-engine package for upstream 17.06.2 [orabug 26673768]
- Migrate to new 'ol'-based versioning
- add docker-storage-config utility

[17.03.1-ce-3.0.1]
- Update docker-engine package for upstream 17.03.1
- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Require UEK4 for docker 1.9 [orabug 22235639 22235645]
- Add docker.conf for prelink [orabug 25147708]
- Update oracle linux selinux policy to match upstream [orabug 25653794]
- Use dockerd instead of docker daemon as it is deprecated [orabug 25653794]

Solution

Update the affected docker-cli and / or docker-engine packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-June/010088.html

Plugin Details

Severity: High

ID: 137821

File Name: oraclelinux_ELSA-2020-5739.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/06/25

Updated: 2020/06/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:docker-cli, p-cpe:/a:oracle:linux:docker-engine, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/06/24

Vulnerability Publication Date: 2019/02/11

Reference Information

CVE: CVE-2019-5736, CVE-2020-13401