Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in docker.io
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in docker.io
ID: DSA-4521-1
Distribution: Debian
Plattformen: Debian buster
Datum: Di, 10. September 2019, 07:08
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
Applikationen: Docker

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4521-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : docker.io
CVE ID : CVE-2019-13139 CVE-2019-13509 CVE-2019-14271

Three security vulnerabilities have been discovered in the Docker
container runtime: Insecure loading of NSS libraries in "docker cp"
could result in execution of code with root privileges, sensitive data
could be logged in debug mode and there was a command injection
vulnerability in the "docker build" command.

For the stable distribution (buster), these problems have been fixed in
version 18.09.1+dfsg1-7.1+deb10u1.

We recommend that you upgrade your docker.io packages.

For the detailed security status of docker.io please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/docker.io

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUoACgkQEMKTtsN8
Tjbx0RAAu9bplVFqk5K95erVGL1fbRnSc/85hhh++TcnUyx6b18DxhbsPrnLvwcX
TdiVBrTUNJtYHQ7ArxI6yL8hidlwcFlEvpkw+4G+2YhJgxE23GylocGlmoOYM4l0
YnM33eCZqHKeek5DOVe04tx8fRDHl84CpXnyXi5yFY+jYHFrmGJiRVr1YQcZY6p/
x+Q5GDB7iE93wxIFN1hv8B+YJWha2R1u+3K0Jcw+/nNroeGHvQx41EWQMz++YlU5
bYL/f4nNWtwKeL0nbgDQpEXGJTb2bF4BGGhVQtZFdHdUWIXkrgqCrNm08zM7ZlDJ
Y3z7nzeFlXhbRb8VDhuMmanh+bmjGfDytrqummdjninLmWEVimXSeyn57i43AZGC
Web3cVA1d0gxnx2t/oa++egiQREEhwFTeyn3r7o6tOz+WCBLmShuppfhqJHCQgz5
XbmuzlXDUJXRhjPA5chGMDmOTgMMbGseQOjQ3phvUTAJXTBFRtIurD2EYCeFF5g1
y/cIYpTvQWAMYCEe9GRyYfem6lgDtLAoBMlWQCSUYAEUlgwau7rTHHkMThcvCyJz
TFNXDuKQWylJUUY01uNNLqqpf+Q1eF2OjBJ0y4fWfAgCEG1XvrdRZQzY4rWM2cbF
UKMx0QK7KlUhWQReGYeb5UbOnMRmkmZx4CJ2i53afy6l09kn66A=
=m6VE
-----END PGP SIGNATURE-----
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung