Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

app-emulation/docker: bump docker to 19.03.1 #62

Merged
merged 1 commit into from Aug 13, 2019

Conversation

@dongsupark
Copy link
Contributor

commented Aug 12, 2019

Upgrade docker to 19.03.1, to mainly fix the following issues:

  • Masked the secrets updated to the log files when running Docker Engine in debug mode. If a Docker engine is running in debug mode, and docker stack deploy is used to redeploy a stack which includes non-external secrets, the logs will contain the secret. See also CVE-2019-13509

  • Fixed loading of nsswitch based config inside chroot under Glibc. See also CVE-2019-14271

Also use go 1.12 instead of 1.10, because the recent docker cannot be compiled with go 1.10.

This PR should be merged together with flatcar-linux/scripts#17.

@pothos
pothos approved these changes Aug 12, 2019
app-emulation/docker: bump docker to 19.03.1
Upgrade docker to 19.03.1, to mainly fix the following issues:

* Masked the secrets updated to the log files when running Docker Engine
  in debug mode. If a Docker engine is running in debug mode, and docker
  stack deploy is used to redeploy a stack which includes non-external
  secrets, the logs will contain the secret.
  See also [CVE-2019-13509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509)

* Fixed loading of nsswitch based config inside chroot under Glibc.
  See also [CVE-2019-14271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271)

Also use go 1.12 instead of 1.10, because the recent docker cannot be
compiled with go 1.10.

@dongsupark dongsupark force-pushed the dongsu/docker-19.03.1 branch from 165aa65 to 7229ba9 Aug 13, 2019

@dongsupark

This comment has been minimized.

Copy link
Contributor Author

commented Aug 13, 2019

Fixed a bug with the name of torcx manifest.
./app-torcx/docker/files/docker-19.03-manifest.json.

@dongsupark

This comment has been minimized.

Copy link
Contributor Author

commented Aug 13, 2019

Tested. Finally works. Merging.

@dongsupark dongsupark merged commit b7cac48 into flatcar-master-edge Aug 13, 2019

@dongsupark dongsupark deleted the dongsu/docker-19.03.1 branch Aug 13, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.