CESA for CVE-2019-5736 runc and docker updates?

Support for security such as Firewalls and securing linux
Post Reply
TestUser95
Posts: 2
Joined: 2019/03/26 17:30:42

CESA for CVE-2019-5736 runc and docker updates?

Post by TestUser95 » 2019/03/26 17:46:04

Hello all,

Per the release notes, updates for CVE-2019-5736 were included in runc-1.0.0-59.dev.git2abd837.el7.centos.x86_64.rpm and docker-1.13.1-91.git07f3374.el7.centos.x86_64.rpm. Our vulnerability scanning vendor wants a CESA bulletin number to reference before they write code to detect vulnerable versions of these packages.

Does anybody know why a CESA was not developed for these updates? Am I missing something? I searched for answers in a variety of sources, but could find none. If we present them with an explanation, we may have an easier time convincing them to write the detection code. Thanks in advance!

Upstream details here: https://access.redhat.com/errata/RHSA-2019:0303 and here: https://access.redhat.com/errata/RHSA-2019:0304

hughesjr
Site Admin
Posts: 250
Joined: 2004/12/05 01:51:26
Location: Corpus Christi, Texas, USA
Contact:

Re: CESA for CVE-2019-5736 runc and docker updates?

Post by hughesjr » 2019/03/27 12:56:23

We only announce updates for the Base repositories, not the extras repositories. runc and docker are in Extras.

TestUser95
Posts: 2
Joined: 2019/03/26 17:30:42

Re: CESA for CVE-2019-5736 runc and docker updates?

Post by TestUser95 » 2019/03/27 16:10:33

Exactly what I was looking for. Thank you.

Post Reply