Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2023-0009)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2023.0009

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2023-0009)

Resumen: The remote host is missing an update for the 'docker' package(s) announced via the MGASA-2023-0009 advisory.

Descripción: Summary:
The remote host is missing an update for the 'docker' package(s) announced via the MGASA-2023-0009 advisory.

Vulnerability Insight:
Server side request forgery (CVE-2022-29153)

Bypass primary group restrictions due to a flaw in the supplementary group
access setup (CVE-2022-36109)

Imported Nodes/Services Information leak in moby-engine. (CVE-2022-3920)

Affected Software/OS:
'docker' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-29153
FEDORA-2022-7e327a20be
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/
GLSA-202208-09
https://security.gentoo.org/glsa/202208-09
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
https://security.netapp.com/advisory/ntap-20220602-0005/
Common Vulnerability Exposure (CVE) ID: CVE-2022-36109
https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/
https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
https://github.com/moby/moby/releases/tag/v20.10.18
Common Vulnerability Exposure (CVE) ID: CVE-2022-3920
https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946

Copyright Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0009
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0009)
Resumen:	The remote host is missing an update for the 'docker' package(s) announced via the MGASA-2023-0009 advisory.
Descripción:	Summary: The remote host is missing an update for the 'docker' package(s) announced via the MGASA-2023-0009 advisory. Vulnerability Insight: Server side request forgery (CVE-2022-29153) Bypass primary group restrictions due to a flaw in the supplementary group access setup (CVE-2022-36109) Imported Nodes/Services Information leak in moby-engine. (CVE-2022-3920) Affected Software/OS: 'docker' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-29153 FEDORA-2022-7e327a20be https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ GLSA-202208-09 https://security.gentoo.org/glsa/202208-09 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://security.netapp.com/advisory/ntap-20220602-0005/ Common Vulnerability Exposure (CVE) ID: CVE-2022-36109 https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/ https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32 https://github.com/moby/moby/releases/tag/v20.10.18 Common Vulnerability Exposure (CVE) ID: CVE-2022-3920 https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
Copyright	Copyright (C) 2023 Greenbone AG