Use Docker 18.09.2 on Ubuntu to fix CVE-2019-573. Remove Docker version from API #193

xmudrii · 2019-02-13T11:03:36Z

What this PR does / why we need it:

Fixed:

CVE is fixed for Ubuntu by installing Docker 18.09.2
[Breaking] .versions.docker API field is removed

Non-fixed:

CVE for CentOS is not fixed, however it seems to use the latest version as there's no version binding

Action not required:

CoreOS Docker version depends on the CoreOS version

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #192

Release note:

Deploy Docker 18.09.2 when provisioning Ubuntu clusters to fix CVE-2019-573. Remove API field for choosing Docker version.

/assign @kron4eg

kron4eg · 2019-02-13T11:07:37Z

pkg/installer/installation/prerequisites.go

@@ -143,12 +142,12 @@ echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | \
     sudo tee /etc/apt/sources.list.d/kubernetes.list
 sudo apt-get update

-docker_ver=$(apt-cache madison docker-ce | grep "{{ .DOCKER_VERSION }}" | head -1 | awk '{print $3}')
+docker_pkg="docker-ce=5:18.09.2~3-0~ubuntu-bionic"


that 18.09.2 should be a constant and please bring apt-cache madison back to find actual dpkg version

please check now

kron4eg · 2019-02-13T11:33:04Z

/lgtm
/approve

kubermatic-bot · 2019-02-13T11:33:06Z

LGTM label has been added.

Git tree hash: 0671eeedd65d7083462e72f023307841c73fd457

kubermatic-bot · 2019-02-13T11:33:09Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kron4eg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [kron4eg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

kubermatic-bot assigned kron4eg Feb 13, 2019

kubermatic-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 13, 2019

kron4eg reviewed Feb 13, 2019

View reviewed changes

xmudrii force-pushed the cve-2019-573 branch from 1fbfe04 to 60463dd Compare February 13, 2019 11:13

Use Docker 18.09.2 on Ubuntu. Remove Docker version from API

5f63b8c

xmudrii force-pushed the cve-2019-573 branch from 60463dd to 5f63b8c Compare February 13, 2019 11:16

kubermatic-bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 13, 2019

kubermatic-bot added the lgtm Indicates that a PR is ready to be merged. label Feb 13, 2019

kubermatic-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 13, 2019

kubermatic-bot merged commit a15cb74 into master Feb 13, 2019

kubermatic-bot deleted the cve-2019-573 branch February 13, 2019 11:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use Docker 18.09.2 on Ubuntu to fix CVE-2019-573. Remove Docker version from API #193

Use Docker 18.09.2 on Ubuntu to fix CVE-2019-573. Remove Docker version from API #193

xmudrii commented Feb 13, 2019

kron4eg Feb 13, 2019

xmudrii Feb 13, 2019

kron4eg commented Feb 13, 2019

kubermatic-bot commented Feb 13, 2019

kubermatic-bot commented Feb 13, 2019

Use Docker 18.09.2 on Ubuntu to fix CVE-2019-573. Remove Docker version from API #193

Use Docker 18.09.2 on Ubuntu to fix CVE-2019-573. Remove Docker version from API #193

Conversation

xmudrii commented Feb 13, 2019

kron4eg Feb 13, 2019

Choose a reason for hiding this comment

xmudrii Feb 13, 2019

Choose a reason for hiding this comment

kron4eg commented Feb 13, 2019

kubermatic-bot commented Feb 13, 2019

kubermatic-bot commented Feb 13, 2019