GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Aug 27, 2020 2:26 am Post subject: [ GLSA 202008-15 ] Docker |
 |
|
Gentoo Linux Security Advisory
Title: Docker: Information disclosure (GLSA 202008-15)
Severity: normal
Exploitable: local
Date: 2020-08-26
Bug(s): #729208
ID: 202008-15
Synopsis
A flaw in Docker allowed possible information leakage.
Background
Docker is the world’s leading software containerization platform.
Affected Packages
Package: app-emulation/docker
Vulnerable: < 19.03.12
Unaffected: >= 19.03.12
Architectures: All supported architectures
Description
It was found that Docker created network bridges which by default accept
IPv6 router advertisements.
Impact
An attacker who gained access to a container with CAP_NET_RAW capability
may be able to to spoof router advertisements, resulting in information
disclosure or denial of service.
Workaround
There is no known workaround at this time.
Resolution
All Docker users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/docker-19.03.12"
|
References
CVE-2020-13401 |
|
News & Announcements
