Docker-ce 18.09.11 and 18.09.10 packages not found for Ubuntu 16.04 and 18.04 #898

Closed
2 tasks done
sarun87 opened this issue Jan 16, 2020 · 9 comments

sarun87 commented Jan 16, 2020

  • [x] This is a bug report
  • [ ] This is a feature request
  • [x] I searched existing issues before opening this one

18.09.11 addresses two CVEs: CVE-2019-16884 and CVE-2019-13509. Would be great if these 18.9.11 artifacts are published.

Expected behavior

docker-ce package with version 18.09.10 and 18.09.11 should be found.

Actual behavior

docker-ce package versions 18.09.0 to 18.09.9 exist. Patches .10 and .11 not found.

root@arun-dev:~# apt-cache madison docker-ce
 docker-ce | 5:19.03.5~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.4~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.3~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.2~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.1~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:19.03.0~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.9~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.8~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.7~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.6~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.5~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.4~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.3~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.2~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.1~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 5:18.09.0~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.06.3~ce~3-0~ubuntu | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.06.2~ce~3-0~ubuntu | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.06.1~ce~3-0~ubuntu | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.06.0~ce~3-0~ubuntu | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
 docker-ce | 18.03.1~ce~3-0~ubuntu | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages

Steps to reproduce the behavior

Followed installation steps as per https://docs.docker.com/install/linux/docker-ce/ubuntu/

Output of docker version:

Does not apply

Output of docker info:

Does not apply

Additional environment details (AWS, VirtualBox, physical, etc.)
Ubuntu 18.04 cloud-init image

DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS"
NAME="Ubuntu"
VERSION="18.04.2 LTS (Bionic Beaver)"
@cpuguy83
Collaborator

Docker CE only goes to 18.09.9 (there is no 18.09.10).

@cpuguy83
Collaborator

Seems like maybe there might be a Docker EE for 18.09.10+?

@sarun87
Author

sarun87 commented Jan 17, 2020

@cpuguy83 thanks for taking a look at the issue. I'm assuming we would need one for Docker CE as well? I see that CVEs and other commits have been backported to docker-ce 18.09 branch already. Looks like we are missing a release tag + artifacts.

If I can help in any way, I'd be happy to. @cpuguy83 whom would I need to ping? :-)

@cpuguy83
Collaborator

@sarun87 18.09 is no longer in support. Is there an issue with upgrading to 19.03?
It's almost a year old at this point.

@cpuguy83
Collaborator

"It" being 19.03. 18.09 is much older.

@sarun87
Author

sarun87 commented Jan 20, 2020

@cpuguy83 That's true. 19.03 has been out for almost a year now. Is 18.09 out of support for CVE patch backports as well? The reason I ask is because I do see the backport commits in the 18.09 branch, just that it's not tagged as a release.

We run k8s with docker runtime in production and up to K8s 1.16 the latest validated docker versions have been 18.09.
https://v1-16.docs.kubernetes.io/docs/setup/release/notes/

The list of validated docker versions remains unchanged.
The current list is 1.13.1, 17.03, 17.06, 17.09, 18.06, 18.09. (#72823, #72831)

As of the latest k8s version 1.17, docker 19.03 has been validated, https://kubernetes.io/docs/setup/release/notes/

Update the latest validated version of Docker to 19.03 (#84476, @neolit123)

@thaJeztah
Member

Docker CE 18.09 reached EOL, but some commits were merged in the 18.09 branch in docker/engine; those were released as part of the Docker EE 18.09 (18.09.10 and 18.09.11) docker enterprise releases (docker enterprise 18.09 is still supported)

  • CVE-2019-13509 is listed to be addressed in docker 18.09.8 and up, so should be in the last docker-ce 18.09.9
  • CVE-2019-16884 is a CVE in runc, which is part of the containerd.io package. That package is installed as a dependency of the docker-ce RPM and DEB packages.

An updated version of runc will be included in the containerd.io 1.2.11 package (which is currently being worked on). So if you're installing docker-ce from the .deb or .rpm packages, you can upgrade containerd.io to 1.2.11 and get the fix for that; the containerd.io 1.2.x packages should be compatible with docker 18.09

If you're installing docker 18.09 from the static binaries (.tgz); those packages won't be updated (because 18.09 CE reached EOL), but as a workaround, you could extract the containerd, containerd-shim, ctr and runc binaries from the 19.03 .tgz (https://download.docker.com/linux/static/stable/x86_64/) package once Docker 19.03.6 is released (currently in progress).

(Note: for future releases, we're discussing changing the static .tgz packages to ship the static containerd binaries in a separate .tgz)
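
The version floors named in the comment above (docker-ce 18.09.8 for CVE-2019-13509, containerd.io 1.2.11 for CVE-2019-16884) can be checked against a host's installed packages. This is an added example, not part of the thread or of Docker's tooling; the function names are hypothetical and the containerd.io version in the sample is constructed.

```shell
# Added example; the fix levels are the ones named in the thread.

# Reduce a Debian version to its upstream part: "5:18.09.9~3-0~ubuntu-bionic" -> "18.09.9"
upstream_version() {
  v=${1#*:}                      # drop the epoch ("5:") if present
  printf '%s\n' "${v%%[~-]*}"    # drop the packaging suffix
}

# Succeeds when dotted version $1 >= $2; components compare as numbers (09 is 9, 10 > 9).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# check_pkg <package> <debian-version>: 0 = at fix level, 1 = below, 2 = not covered
check_pkg() {
  case $1 in
    docker-ce)     min=18.09.8; cve=CVE-2019-13509 ;;
    containerd.io) min=1.2.11;  cve=CVE-2019-16884 ;;
    *) echo "$1: not covered by this check"; return 2 ;;
  esac
  up=$(upstream_version "$2")
  if version_ge "$up" "$min"; then
    echo "$1 $up: at or above $min ($cve)"
  else
    echo "$1 $up: below $min, fix for $cve missing"
    return 1
  fi
}

# Reads "package version" lines on stdin; fails unless every line is at its fix level.
check_fix_levels() {
  rc=0
  while read -r pkg ver; do
    check_pkg "$pkg" "$ver" || rc=1
  done
  return "$rc"
}

# Constructed sample; on a real host feed it from:
#   dpkg-query -W -f='${Package} ${Version}\n' docker-ce containerd.io
SAMPLE='docker-ce 5:18.09.9~3-0~ubuntu-bionic
containerd.io 1.2.10-3'
printf '%s\n' "$SAMPLE" | check_fix_levels || true
```

The comparison looks only at the upstream version and ignores the Debian revision, which is enough for the two floors given in the thread.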

@sarun87
Author

sarun87 commented Jan 29, 2020

Thanks @thaJeztah for the update and pointers on the best way to consume those CVE patches in production.

I will go ahead and close this issue.

Could you point me to the discussion around changing the static .tgz packages? I would be happy if I can follow along.

sarun87 closed this as completed Jan 29, 2020

@thaJeztah
Member

I'd have to look if there's a public issue (it's related to various things around packaging); these issues are related to that though:
