Azure IoT Edge Moby engine security update for CVE-2020-13401

Published date: June 02, 2020

A security vulnerability has been identified in Moby engine components in Azure IoT Edge. (Windows versions aren’t affected.) Get details for this issue: CVE-2020-13401.

Take these steps to fix the issue in Moby engine version 3.0.12 or later:

  1. Stop iotedge daemon.
    • sudo systemctl stop iotedge
       
  2. Remove the existing moby-engine package.
    • sudo apt-get remove docker
       
  3. Delete saved moby-engine context. This will remove all cached containers.
    • ​​sudo rm -rf /var/lib/docker
       
  4. Follow instructions to install moby-engine, and verify the version to be 3.0.12 or later after installation.
    •  sudo docker version
       
  5.  Start iotedge daemon.
    •  sudo systemctl start iotedge

Download the RPM package.

  • Azure IoT Edge
  • Compliance
  • Security

Related Products