SUSE-SU-2023:2153-1

Опубликовано: 09 мая 2023

Источник: suse-cvrf

Описание

Security update for docker-distribution

This update for docker-distribution fixes the following issues:

CVE-2023-2253: Catalog Endpoint can lead to OOM by user input (bsc#1207705).

Список пакетов

SUSE Linux Enterprise Module for Containers 12

docker-distribution-registry-2.6.2-13.9.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232153-1/
Link for SUSE-SU-2023:2153-1
https://lists.suse.com/pipermail/sle-updates/2023-May/029312.html
E-Mail link for SUSE-SU-2023:2153-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207705
SUSE Bug 1207705
https://www.suse.com/security/cve/CVE-2023-2253/
SUSE CVE CVE-2023-2253 page

Описание

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.

Затронутые продукты

SUSE Linux Enterprise Module for Containers 12:docker-distribution-registry-2.6.2-13.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-2253.html
CVE-2023-2253
https://bugzilla.suse.com/1207705
SUSE Bug 1207705

SUSE-SU-2023:2153-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Containers 12

Ссылки

Уязвимость: CVE-2023-2253

Описание

Затронутые продукты

Ссылки