Hello all,
Per the release notes, updates for CVE-2019-5736 were included in runc-1.0.0-59.dev.git2abd837.el7.centos.x86_64.rpm and docker-1.13.1-91.git07f3374.el7.centos.x86_64.rpm. Our vulnerability scanning vendor wants a CESA bulletin number to reference before they write code to detect vulnerable versions of these packages.
Does anybody know why a CESA was not developed for these updates? Am I missing something? I searched for answers in a variety of sources, but could find none. If we present them with an explanation, we may have an easier time convincing them to write the detection code. Thanks in advance!
Upstream details here: https://access.redhat.com/errata/RHSA-2019:0303 and here: https://access.redhat.com/errata/RHSA-2019:0304
CESA for CVE-2019-5736 runc and docker updates?
- Site Admin
- Posts: 254
- Joined: 2004/12/05 01:51:26
- Location: Corpus Christi, Texas, USA
Re: CESA for CVE-2019-5736 runc and docker updates?
We only announce updates for the Base repositories, not the extras repositories. runc and docker are in Extras.
- Posts: 4
- Joined: 2019/03/26 17:30:42
Re: CESA for CVE-2019-5736 runc and docker updates?
Exactly what I was looking for. Thank you.