Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0180)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0180

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0180)

Resumen: The remote host is missing an update for the 'docker' package(s) announced via the MGASA-2019-0180 advisory.

Descripción: Summary:
The remote host is missing an update for the 'docker' package(s) announced via the MGASA-2019-0180 advisory.

Vulnerability Insight:
Security issues fixed for containerd, docker, docker-runc and
golang-github-docker-libnetwork:

CVE-2018-16873: cmd/go: remote command execution during 'go get -u'
(bsc#1118897)
CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces
in import paths (bsc#1118898)
CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)

Non-security issues fixed for docker:

Disable leap based builds for kubic flavor (bsc#1121412)
Allow users to explicitly specify the NIS domainname of a container
(bsc#1001161)
Update docker.service to match upstream and avoid rlimit problems
(bsc#1112980)
Allow docker images larger then 23GB (bsc#1118990)
Docker version update to version 18.09.0-ce (bsc#1115464)

Affected Software/OS:
'docker' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-16873
BugTraq ID: 106226
http://www.securityfocus.com/bid/106226
https://security.gentoo.org/glsa/201812-09
https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html
SuSE Security Announcement: openSUSE-SU-2019:1079 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
SuSE Security Announcement: openSUSE-SU-2019:1444 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
SuSE Security Announcement: openSUSE-SU-2019:1499 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
SuSE Security Announcement: openSUSE-SU-2019:1506 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
SuSE Security Announcement: openSUSE-SU-2019:1703 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html
SuSE Security Announcement: openSUSE-SU-2020:0554 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-16874
BugTraq ID: 106228
http://www.securityfocus.com/bid/106228
Common Vulnerability Exposure (CVE) ID: CVE-2018-16875
BugTraq ID: 106230
http://www.securityfocus.com/bid/106230

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0180
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0180)
Resumen:	The remote host is missing an update for the 'docker' package(s) announced via the MGASA-2019-0180 advisory.
Descripción:	Summary: The remote host is missing an update for the 'docker' package(s) announced via the MGASA-2019-0180 advisory. Vulnerability Insight: Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897) CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898) CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899) Non-security issues fixed for docker: Disable leap based builds for kubic flavor (bsc#1121412) Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) Allow docker images larger then 23GB (bsc#1118990) Docker version update to version 18.09.0-ce (bsc#1115464) Affected Software/OS: 'docker' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16873 BugTraq ID: 106226 http://www.securityfocus.com/bid/106226 https://security.gentoo.org/glsa/201812-09 https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0 https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html SuSE Security Announcement: openSUSE-SU-2019:1079 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html SuSE Security Announcement: openSUSE-SU-2019:1444 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html SuSE Security Announcement: openSUSE-SU-2019:1499 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:1506 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html SuSE Security Announcement: openSUSE-SU-2019:1703 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html SuSE Security Announcement: openSUSE-SU-2020:0554 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html Common Vulnerability Exposure (CVE) ID: CVE-2018-16874 BugTraq ID: 106228 http://www.securityfocus.com/bid/106228 Common Vulnerability Exposure (CVE) ID: CVE-2018-16875 BugTraq ID: 106230 http://www.securityfocus.com/bid/106230
Copyright	Copyright (C) 2022 Greenbone AG