From ea41fc5e742daf525bf4f23f0709b2008eeb49fb Mon Sep 17 00:00:00 2001
From: Bort Verwilst <bart@intux.be>
Date: Thu, 14 Feb 2019 09:55:54 +0100
Subject: [PATCH] backport cve-2019-5736 to release-2.8 (#4234)

* [SECURITY] Docker patches for CVE-2019-5736 (#4223)

This updates docker 18.06 and 18.09 with the two patches released
yesterday to address the new runc exploit. Details here:
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/

* keep edge versions to same minor

* keep edge versions to same minor
---
 roles/container-engine/docker/vars/debian.yml       | 4 ++--
 roles/container-engine/docker/vars/fedora.yml       | 2 +-
 roles/container-engine/docker/vars/redhat.yml       | 4 ++--
 roles/container-engine/docker/vars/ubuntu-amd64.yml | 6 +++---
 roles/container-engine/docker/vars/ubuntu-arm64.yml | 6 +++---
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/roles/container-engine/docker/vars/debian.yml b/roles/container-engine/docker/vars/debian.yml
index fe53f139..1b58d0e1 100644
--- a/roles/container-engine/docker/vars/debian.yml
+++ b/roles/container-engine/docker/vars/debian.yml
@@ -13,8 +13,8 @@ docker_versioned_pkg:
   '17.09': docker-ce=17.09.0~ce-0~debian
   '17.12': docker-ce=17.12.1~ce-0~debian
   '18.03': docker-ce=18.03.1~ce-0~debian
-  '18.06': docker-ce=18.06.1~ce~3-0~debian
-  'stable': docker-ce=18.06.1~ce~3-0~debian
+  '18.06': docker-ce=18.06.2~ce~3-0~debian
+  'stable': docker-ce=18.06.2~ce~3-0~debian
   'edge': docker-ce=17.12.1~ce-0~debian
 
 docker_package_info:
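Review bot: The `'edge'` key left as context in this hunk still resolves to `docker-ce=17.12.1~ce-0~debian`, and the `'17.09'` to `'18.03'` keys above it are also untouched, so only hosts that select `'18.06'` or `'stable'` pick up the CVE-2019-5736 fix. Going by the commit description, patched builds exist only for 18.06 and 18.09, so these older pins presumably still install a runc without the fix. The same applies to `'edge'` and the 17.x/18.03 keys in the redhat.yml hunk and to `'18.03'` in fedora.yml. If `edge` has to stay on 17.12 for this release branch, record that next to the map, e.g. `# NOTE: only '18.06' and 'stable' carry the CVE-2019-5736 runc fix; older keys and 'edge' do not`. The `docker_versioned_pkg` map starts above the hunk, so entries not visible here may need the same check.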
diff --git a/roles/container-engine/docker/vars/fedora.yml b/roles/container-engine/docker/vars/fedora.yml
index 87bc8578..3fe6a042 100644
--- a/roles/container-engine/docker/vars/fedora.yml
+++ b/roles/container-engine/docker/vars/fedora.yml
@@ -6,7 +6,7 @@ docker_kernel_min_version: '0'
 docker_versioned_pkg:
   'latest': docker-ce
   '18.03': docker-ce-18.03.1.ce-3.fc28
-  '18.06': docker-ce-18.06.1.ce-3.fc28
+  '18.06': docker-ce-18.06.2.ce-3.fc28
 
 #
 # This is due to the fact that the docker
diff --git a/roles/container-engine/docker/vars/redhat.yml b/roles/container-engine/docker/vars/redhat.yml
index 41f62c70..11d145b1 100644
--- a/roles/container-engine/docker/vars/redhat.yml
+++ b/roles/container-engine/docker/vars/redhat.yml
@@ -14,8 +14,8 @@ docker_versioned_pkg:
   '17.09': docker-ce-17.09.0.ce-1.el7.centos
   '17.12': docker-ce-17.12.1.ce-1.el7.centos
   '18.03': docker-ce-18.03.1.ce-1.el7.centos
-  '18.06': docker-ce-18.06.1.ce-3.el7
-  'stable': docker-ce-18.06.1.ce-3.el7
+  '18.06': docker-ce-18.06.2.ce-3.el7
+  'stable': docker-ce-18.06.2.ce-3.el7
   'edge': docker-ce-17.12.1.ce-1.el7.centos
 
 docker_selinux_versioned_pkg:
diff --git a/roles/container-engine/docker/vars/ubuntu-amd64.yml b/roles/container-engine/docker/vars/ubuntu-amd64.yml
index 6b91267b..c5920519 100644
--- a/roles/container-engine/docker/vars/ubuntu-amd64.yml
+++ b/roles/container-engine/docker/vars/ubuntu-amd64.yml
@@ -10,9 +10,9 @@ docker_versioned_pkg:
   '17.03': docker-ce=17.03.2~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
   '17.09': docker-ce=17.09.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
   '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
-  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce=18.06.2~ce~3-0~ubuntu
 
 docker_package_info:
   pkg_mgr: apt
diff --git a/roles/container-engine/docker/vars/ubuntu-arm64.yml b/roles/container-engine/docker/vars/ubuntu-arm64.yml
index 1033b5ff..14014df1 100644
--- a/roles/container-engine/docker/vars/ubuntu-arm64.yml
+++ b/roles/container-engine/docker/vars/ubuntu-arm64.yml
@@ -6,9 +6,9 @@ docker_versioned_pkg:
   'latest': docker-ce
   '17.09': docker-ce=17.09.1~ce-0~ubuntu
   '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
-  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce=18.06.2~ce~3-0~ubuntu
 
 docker_package_info:
   pkg_mgr: apt
-- 
GitLab