Bug 1172377 (CVE-2020-13401) - VUL-0: CVE-2020-13401: docker: [trackerbug] Docker 19.03.11 update
Summary: VUL-0: CVE-2020-13401: docker: [trackerbug] Docker 19.03.11 update
Status: RESOLVED FIXED
Alias: CVE-2020-13401
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3.1:SUSE:CVE-2020-13401:6.0:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-02 08:41 UTC by Aleksa Sarai
Modified: 2020-12-09 09:32 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksa Sarai 2020-06-02 08:41:36 UTC
- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-13401
Comment 1 OBSbugzilla Bot 2020-06-03 12:10:06 UTC
This is an autogenerated message for OBS integration:
This bug (1172377) was mentioned in
https://build.opensuse.org/request/show/811117 Factory / containerd
https://build.opensuse.org/request/show/811118 Factory / docker
https://build.opensuse.org/request/show/811119 Factory / docker-runc
https://build.opensuse.org/request/show/811120 Factory / golang-github-docker-libnetwork
Comment 3 Swamp Workflow Management 2020-06-18 13:14:47 UTC
SUSE-SU-2020:1664-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1172377
CVE References: CVE-2020-13401
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.2.13-16.29.1, docker-19.03.11_ce-98.54.1, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-1.46.1, golang-github-docker-libnetwork-0.7.0.1+gitr2902_153d0769a118-31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2020-06-18 13:37:14 UTC
SUSE-SU-2020:1657-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1172377
CVE References: CVE-2020-13401
Sources used:
SUSE Linux Enterprise Module for Containers 15-SP1 (src):    containerd-1.2.13-5.22.2, docker-19.03.11_ce-6.34.2, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.38.2, golang-github-docker-libnetwork-0.7.0.1+gitr2902_153d0769a118-4.21.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2020-06-22 22:12:39 UTC
openSUSE-SU-2020:0846-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1172377
CVE References: CVE-2020-13401
Sources used:
openSUSE Leap 15.1 (src):    containerd-1.2.13-lp151.2.12.1, docker-19.03.11_ce-lp151.2.18.1, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-lp151.3.21.1, golang-github-docker-libnetwork-0.7.0.1+gitr2902_153d0769a118-lp151.2.12.1
Comment 6 Swamp Workflow Management 2020-07-15 16:32:39 UTC
SUSE-SU-2020:1657-2: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1172377
CVE References: CVE-2020-13401
Sources used:
SUSE Linux Enterprise Module for Containers 15-SP2 (src):    containerd-1.2.13-5.22.2, docker-19.03.11_ce-6.34.2, docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.38.2, golang-github-docker-libnetwork-0.7.0.1+gitr2902_153d0769a118-4.21.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Dirk Mueller 2020-08-10 20:05:21 UTC
Looks all fixed?
Comment 8 Aleksa Sarai 2020-08-11 08:46:53 UTC
(In reply to Dirk Mueller from comment #7)
> Looks all fixed?

Yeah this package has been updated everywhere as far as I know.
Comment 9 Marcus Meissner 2020-12-09 09:32:19 UTC
released