drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in docker.io
Name: |
Mehrere Probleme in docker.io |
|
ID: |
DSA-4521-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian buster |
|
Datum: |
Di, 10. September 2019, 07:08 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139 |
|
Applikationen: |
Docker |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4521-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 09, 2019 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : docker.io CVE ID : CVE-2019-13139 CVE-2019-13509 CVE-2019-14271
Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in "docker cp" could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the "docker build" command.
For the stable distribution (buster), these problems have been fixed in version 18.09.1+dfsg1-7.1+deb10u1.
We recommend that you upgrade your docker.io packages.
For the detailed security status of docker.io please refer to its security tracker page at: https://security-tracker.debian.org/tracker/docker.io
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUoACgkQEMKTtsN8 Tjbx0RAAu9bplVFqk5K95erVGL1fbRnSc/85hhh++TcnUyx6b18DxhbsPrnLvwcX TdiVBrTUNJtYHQ7ArxI6yL8hidlwcFlEvpkw+4G+2YhJgxE23GylocGlmoOYM4l0 YnM33eCZqHKeek5DOVe04tx8fRDHl84CpXnyXi5yFY+jYHFrmGJiRVr1YQcZY6p/ x+Q5GDB7iE93wxIFN1hv8B+YJWha2R1u+3K0Jcw+/nNroeGHvQx41EWQMz++YlU5 bYL/f4nNWtwKeL0nbgDQpEXGJTb2bF4BGGhVQtZFdHdUWIXkrgqCrNm08zM7ZlDJ Y3z7nzeFlXhbRb8VDhuMmanh+bmjGfDytrqummdjninLmWEVimXSeyn57i43AZGC Web3cVA1d0gxnx2t/oa++egiQREEhwFTeyn3r7o6tOz+WCBLmShuppfhqJHCQgz5 XbmuzlXDUJXRhjPA5chGMDmOTgMMbGseQOjQ3phvUTAJXTBFRtIurD2EYCeFF5g1 y/cIYpTvQWAMYCEe9GRyYfem6lgDtLAoBMlWQCSUYAEUlgwau7rTHHkMThcvCyJz TFNXDuKQWylJUUY01uNNLqqpf+Q1eF2OjBJ0y4fWfAgCEG1XvrdRZQzY4rWM2cbF UKMx0QK7KlUhWQReGYeb5UbOnMRmkmZx4CJ2i53afy6l09kn66A= =m6VE -----END PGP SIGNATURE-----
|
|
|
|