SUSE-SU-2018:0865-1

Опубликовано: 03 апр. 2018

Источник: suse-cvrf

Описание

Security update for docker-distribution

This update for docker-distribution fixes the following issues:

Security issues fixed:

CVE-2017-11468: Fixed a denial of service (memory consumption) via the manifest endpoint (bsc#1049850).

Bug fixes:

bsc#1083474: docker-distirbution-registry overwrites configuration file with update.
bsc#1033172: Garbage collector needed - or kindly release docker-distribution-registry in Version 2.4.
Add SuSEfirewall2 service file for TCP port 5000.

Список пакетов

SUSE Linux Enterprise Module for Containers 12

docker-distribution-registry-2.6.2-13.6.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20180865-1/
Link for SUSE-SU-2018:0865-1
https://lists.suse.com/pipermail/sle-security-updates/2018-April/003866.html
E-Mail link for SUSE-SU-2018:0865-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1033172
SUSE Bug 1033172
https://bugzilla.suse.com/1049850
SUSE Bug 1049850
https://bugzilla.suse.com/1083474
SUSE Bug 1083474
https://www.suse.com/security/cve/CVE-2017-11468/
SUSE CVE CVE-2017-11468 page

Описание

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.

Затронутые продукты

SUSE Linux Enterprise Module for Containers 12:docker-distribution-registry-2.6.2-13.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-11468.html
CVE-2017-11468
https://bugzilla.suse.com/1049850
SUSE Bug 1049850

SUSE-SU-2018:0865-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Containers 12

Ссылки

Уязвимость: CVE-2017-11468

Описание

Затронутые продукты

Ссылки