Update DNS library #40579

Merged: thaJeztah merged 1 commit into moby:master from SamWhited:dns_update on Feb 27, 2020

@SamWhited (Contributor) commented Feb 25, 2020

supersedes #40534
closes #40534

This makes sure that we don't become vulnerable to CVE-2018-17419 or CVE-2019-19794 in the future. As far as I can tell we are not vulnerable to either right now, but if someone were to use one of the affected methods in the future we could become vulnerable with our current dependency.

- What I did

Bumped the version of github.com/miekg/dns to v1.1.27 in vendor.conf.

- How I did it

Manually edited the file, then ran the version of vendor installed in our containers by default to update the vendor tree.

e.g. `go get -u github.com/LK4D4/vndr@85886e1ac99b8d96590e6e0d9f075dc7a711d132`

- How to verify it

CI should do that, I'm waiting on that now.

This also updates libnetwork to 264bffcb88c1b6b7471c04e3c6b3f301233a544b;

full diff: moby/libnetwork@feeff4f...264bffc

includes:

- Description for the changelog

- Add support for a `com.docker.network.bridge.inhibit_ipv4` driver label to skip IPv4 configuration of bridge interface docker/libnetwork#2317
- Add support for a `com.docker.network.host_ipv4` driver label to choose outbound (external) IP for containers docker/libnetwork#2454
- Improve load balancer performance for ingress network with lots of parallel requests docker/libnetwork#2491

- A picture of a cute animal (not mandatory but encouraged)

This makes sure that we don't become vulnerable to CVE-2018-17419 or
CVE-2019-19794 in the future.

Signed-off-by: Sam Whited <[email protected]>
@SamWhited SamWhited marked this pull request as ready for review February 26, 2020 14:11
@SamWhited SamWhited requested a review from tianon as a code owner February 26, 2020 14:11

@thaJeztah (Member) left a comment

LGTM

@albert-a

Thank you very much! Support for com.docker.network.bridge.inhibit_ipv4 is a brilliant feature! But it is not mentioned here: https://docs.docker.com/network/drivers/bridge/

Why hasn't it been documented yet?

@thaJeztah (Member)

@albert-a quite likely overlooked because it's in a separate repository. Could you open a ticket in https://github.com/docker/docs ?

/cc @dvdksn @akerouanton

@albert-a

@thaJeztah Sure! I opened the ticket.

@thaJeztah (Member)

Thanks!
