openSUSE-SU-2018:0882-1

Опубликовано: 05 апр. 2018

Источник: suse-cvrf

Описание

Security update for docker-distribution

This update for docker-distribution fixes the following issues:

Security issues fixed:

CVE-2017-11468: Fixed a denial of service (memory consumption) via the manifest endpoint (bsc#1049850).

Bug fixes:

bsc#1083474: docker-distirbution-registry overwrites configuration file with update.
bsc#1033172: Garbage collector needed - or kindly release docker-distribution-registry in Version 2.4.
Add SuSEfirewall2 service file for TCP port 5000.

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

docker-distribution-2.6.2-11.1

docker-distribution-registry-2.6.2-11.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-04/msg00001.html
E-Mail link for openSUSE-SU-2018:0882-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.

Затронутые продукты

openSUSE Leap 42.3:docker-distribution-2.6.2-11.1

openSUSE Leap 42.3:docker-distribution-registry-2.6.2-11.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-11468.html
CVE-2017-11468
https://bugzilla.suse.com/1049850
SUSE Bug 1049850

openSUSE-SU-2018:0882-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-11468

Описание

Затронутые продукты

Ссылки