1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4521-1] docker.io security update

    From Moritz Muehlenhoff@1:229/2 to All on Mon Sep 9 23:00:04 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4521-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 09, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : docker.io
    CVE ID : CVE-2019-13139 CVE-2019-13509 CVE-2019-14271

    Three security vulnerabilities have been discovered in the Docker
    container runtime: Insecure loading of NSS libraries in "docker cp"
    could result in execution of code with root privileges, sensitive data
    could be logged in debug mode and there was a command injection
    vulnerability in the "docker build" command.

    For the stable distribution (buster), these problems have been fixed in
    version 18.09.1+dfsg1-7.1+deb10u1.

    We recommend that you upgrade your docker.io packages.

    For the detailed security status of docker.io please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/docker.io

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUoACgkQEMKTtsN8 Tjbx0RAAu9bplVFqk5K95erVGL1fbRnSc/85hhh++TcnUyx6b18DxhbsPrnLvwcX TdiVBrTUNJtYHQ7ArxI6yL8hidlwcFlEvpkw+4G+2YhJgxE23GylocGlmoOYM4l0 YnM33eCZqHKeek5DOVe04tx8fRDHl84CpXnyXi5yFY+jYHFrmGJiRVr1YQcZY6p/ x+Q5GDB7iE93wxIFN1hv8B+YJWha2R1u+3K0Jcw+/nNroeGHvQx41EWQMz++YlU5 bYL/f4nNWtwKeL0nbgDQpEXGJTb2bF4BGGhVQtZFdHdUWIXkrgqCrNm08zM7ZlDJ Y3z7nzeFlXhbRb8VDhuMmanh+bmjGfDytrqummdjninLmWEVimXSeyn57i43AZGC Web3cVA1d0gxnx2t/oa++egiQREEhwFTeyn3r7o6tOz+WCBLmShuppfhqJHCQgz5 XbmuzlXDUJXRhjPA5chGMDmOTgMMbGseQOjQ3phvUTAJXTBFRtIurD2EYCeFF5g1 y/cIYpTvQWAMYCEe9GRyYfem6lgDtLAoBMlWQCSUYAEUlgwau7rTHHkMThcvCyJz TFNXDuKQWylJUUY01uNNLqqpf+Q1eF2OjBJ0y4fWfAgCEG1XvrdRZQzY4rWM2cbF UKMx0QK7KlUhWQReGYeb5UbOnMRmkmZx4CJ2i53afy6l09kn66A=
    =m6VE
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)