From 2e2ed3bd3556681c708931a7943a2de3155bc08a Mon Sep 17 00:00:00 2001
From: Chad Swenson <chadswen@gmail.com>
Date: Wed, 13 Feb 2019 03:50:53 -0600
Subject: [PATCH] [SECURITY] Docker patches for CVE-2019-5736 (#4223)

This updates docker 18.06 and 18.09 with the two patches released
yesterday to address the new runc exploit. Details here:
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
---
 roles/container-engine/docker/vars/debian.yml       | 6 +++---
 roles/container-engine/docker/vars/fedora.yml       | 2 +-
 roles/container-engine/docker/vars/redhat.yml       | 8 ++++----
 roles/container-engine/docker/vars/ubuntu-amd64.yml | 8 ++++----
 roles/container-engine/docker/vars/ubuntu-arm64.yml | 8 ++++----
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/roles/container-engine/docker/vars/debian.yml b/roles/container-engine/docker/vars/debian.yml
index fe06e6d4f..6f00bbcfc 100644
--- a/roles/container-engine/docker/vars/debian.yml
+++ b/roles/container-engine/docker/vars/debian.yml
@@ -13,9 +13,9 @@ docker_versioned_pkg:
   '17.09': docker-ce=17.09.0~ce-0~debian
   '17.12': docker-ce=17.12.1~ce-0~debian
   '18.03': docker-ce=18.03.1~ce-0~debian
-  '18.06': docker-ce=18.06.1~ce~3-0~debian
-  '18.09': docker-ce_18.09.1~3-0~debian-{{ ansible_distribution_release|lower }}
-  'stable': docker-ce=18.06.1~ce~3-0~debian
+  '18.06': docker-ce=18.06.2~ce~3-0~debian
+  '18.09': docker-ce_18.09.2~3-0~debian-{{ ansible_distribution_release|lower }}
+  'stable': docker-ce=18.06.2~ce~3-0~debian
   'edge': docker-ce=17.12.1~ce-0~debian
 
 docker_package_info:
diff --git a/roles/container-engine/docker/vars/fedora.yml b/roles/container-engine/docker/vars/fedora.yml
index 87bc8578c..3fe6a0422 100644
--- a/roles/container-engine/docker/vars/fedora.yml
+++ b/roles/container-engine/docker/vars/fedora.yml
@@ -6,7 +6,7 @@ docker_kernel_min_version: '0'
 docker_versioned_pkg:
   'latest': docker-ce
   '18.03': docker-ce-18.03.1.ce-3.fc28
-  '18.06': docker-ce-18.06.1.ce-3.fc28
+  '18.06': docker-ce-18.06.2.ce-3.fc28
 
 #
 # This is due to the fact that the docker
diff --git a/roles/container-engine/docker/vars/redhat.yml b/roles/container-engine/docker/vars/redhat.yml
index 8d1d58825..149ab4734 100644
--- a/roles/container-engine/docker/vars/redhat.yml
+++ b/roles/container-engine/docker/vars/redhat.yml
@@ -14,10 +14,10 @@ docker_versioned_pkg:
   '17.09': docker-ce-17.09.0.ce-1.el7.centos
   '17.12': docker-ce-17.12.1.ce-1.el7.centos
   '18.03': docker-ce-18.03.1.ce-1.el7.centos
-  '18.06': docker-ce-18.06.1.ce-3.el7
-  '18.09': docker-ce-18.09.1-3.el7
-  'stable': docker-ce-18.06.1.ce-3.el7
-  'edge': docker-ce-17.12.1.ce-1.el7.centos
+  '18.06': docker-ce-18.06.2.ce-3.el7
+  '18.09': docker-ce-18.09.2-3.el7
+  'stable': docker-ce-18.06.2.ce-3.el7
+  'edge': docker-ce-18.09.2-3.el7
 
 docker_selinux_versioned_pkg:
   'latest': docker-ce-selinux
diff --git a/roles/container-engine/docker/vars/ubuntu-amd64.yml b/roles/container-engine/docker/vars/ubuntu-amd64.yml
index f93cd2d59..e24b4519d 100644
--- a/roles/container-engine/docker/vars/ubuntu-amd64.yml
+++ b/roles/container-engine/docker/vars/ubuntu-amd64.yml
@@ -10,10 +10,10 @@ docker_versioned_pkg:
   '17.03': docker-ce=17.03.2~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
   '17.09': docker-ce=17.09.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
   '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
-  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  '18.09': docker-ce_18.09.1~3-0~ubuntu-{{ ansible_distribution_release|lower }}
-  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  '18.09': docker-ce_18.09.2~3-0~ubuntu-{{ ansible_distribution_release|lower }}
+  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce=18.09.2~ce~3-0~ubuntu
 
 docker_package_info:
   pkg_mgr: apt
diff --git a/roles/container-engine/docker/vars/ubuntu-arm64.yml b/roles/container-engine/docker/vars/ubuntu-arm64.yml
index 450e7ce3f..7856408c4 100644
--- a/roles/container-engine/docker/vars/ubuntu-arm64.yml
+++ b/roles/container-engine/docker/vars/ubuntu-arm64.yml
@@ -6,10 +6,10 @@ docker_versioned_pkg:
   'latest': docker-ce
   '17.09': docker-ce=17.09.1~ce-0~ubuntu
   '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
-  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  '18.09': docker-ce_18.09.1~3-0~ubuntu-{{ ansible_distribution_release|lower }}
-  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  '18.09': docker-ce_18.09.2~3-0~ubuntu-{{ ansible_distribution_release|lower }}
+  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce_18.09.2~3-0~ubuntu-{{ ansible_distribution_release|lower }}
 
 docker_package_info:
   pkg_mgr: apt
-- 
GitLab