backport cve-2019-5736 to release-2.8 (#4234)

* [SECURITY] Docker patches for CVE-2019-5736 (#4223) This updates docker 18.06 and 18.09 with the two patches released yesterday to address the new runc exploit. Details here: https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ * keep edge versions to same minor * keep edge versions to same minor
kubernetes-sigs · Feb 14, 2019 · ea41fc5 · ea41fc5
1 parent 4167807
commit ea41fc5
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 11 deletions.
diff --git a/roles/container-engine/docker/vars/debian.yml b/roles/container-engine/docker/vars/debian.yml
@@ -13,8 +13,8 @@ docker_versioned_pkg:
   '17.09': docker-ce=17.09.0~ce-0~debian
   '17.12': docker-ce=17.12.1~ce-0~debian
   '18.03': docker-ce=18.03.1~ce-0~debian
-  '18.06': docker-ce=18.06.1~ce~3-0~debian
-  'stable': docker-ce=18.06.1~ce~3-0~debian
+  '18.06': docker-ce=18.06.2~ce~3-0~debian
+  'stable': docker-ce=18.06.2~ce~3-0~debian
   'edge': docker-ce=17.12.1~ce-0~debian
 
 docker_package_info:

diff --git a/roles/container-engine/docker/vars/fedora.yml b/roles/container-engine/docker/vars/fedora.yml
@@ -6,7 +6,7 @@ docker_kernel_min_version: '0'
 docker_versioned_pkg:
   'latest': docker-ce
   '18.03': docker-ce-18.03.1.ce-3.fc28
-  '18.06': docker-ce-18.06.1.ce-3.fc28
+  '18.06': docker-ce-18.06.2.ce-3.fc28
 
 #
 # This is due to the fact that the docker

diff --git a/roles/container-engine/docker/vars/redhat.yml b/roles/container-engine/docker/vars/redhat.yml
@@ -14,8 +14,8 @@ docker_versioned_pkg:
   '17.09': docker-ce-17.09.0.ce-1.el7.centos
   '17.12': docker-ce-17.12.1.ce-1.el7.centos
   '18.03': docker-ce-18.03.1.ce-1.el7.centos
-  '18.06': docker-ce-18.06.1.ce-3.el7
-  'stable': docker-ce-18.06.1.ce-3.el7
+  '18.06': docker-ce-18.06.2.ce-3.el7
+  'stable': docker-ce-18.06.2.ce-3.el7
   'edge': docker-ce-17.12.1.ce-1.el7.centos
 
 docker_selinux_versioned_pkg:

diff --git a/roles/container-engine/docker/vars/ubuntu-amd64.yml b/roles/container-engine/docker/vars/ubuntu-amd64.yml
@@ -10,9 +10,9 @@ docker_versioned_pkg:
   '17.03': docker-ce=17.03.2~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
   '17.09': docker-ce=17.09.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
   '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
-  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce=18.06.2~ce~3-0~ubuntu
 
 docker_package_info:
   pkg_mgr: apt

diff --git a/roles/container-engine/docker/vars/ubuntu-arm64.yml b/roles/container-engine/docker/vars/ubuntu-arm64.yml
@@ -6,9 +6,9 @@ docker_versioned_pkg:
   'latest': docker-ce
   '17.09': docker-ce=17.09.1~ce-0~ubuntu
   '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
-  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce=18.06.2~ce~3-0~ubuntu
 
 docker_package_info:
   pkg_mgr: apt