Executive Summary

Summary
Titledocker.io security update
Informations
NameDSA-4521First vendor Publication2019-09-09
VendorDebianLast vendor Modification2019-09-09
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in "docker cp" could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the "docker build" command.

For the stable distribution (buster), these problems have been fixed in version 18.09.1+dfsg1-7.1+deb10u1.

We recommend that you upgrade your docker.io packages.

For the detailed security status of docker.io please refer to its security tracker page at: https://security-tracker.debian.org/tracker/docker.io

Original Source

Url : http://www.debian.org/security/2019/dsa-4521

CWE : Common Weakness Enumeration

%idName
33 %CWE-532Information Leak Through Log Files
33 %CWE-94Failure to Control Generation of Code ('Code Injection')
33 %CWE-77Improper Sanitization of Special Elements used in a Command ('Command Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application147

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-09-10 00:18:33
  • First insertion