Test ID:	1.3.6.1.4.1.25623.1.0.884783
Category:	Fedora Local Security Checks
Title:	Fedora: Security Advisory (FEDORA-2023-b9c1d0e4c5)
Summary:	The remote host is missing an update for the 'moby-engine' package(s) announced via the FEDORA-2023-b9c1d0e4c5 advisory.
Description:	Summary: The remote host is missing an update for the 'moby-engine' package(s) announced via the FEDORA-2023-b9c1d0e4c5 advisory. Vulnerability Insight: - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 Affected Software/OS: 'moby-engine' package(s) on Fedora 39. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-41803 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627 https://www.hashicorp.com/blog/category/consul Common Vulnerability Exposure (CVE) ID: CVE-2022-3064 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5 https://github.com/go-yaml/yaml/releases/tag/v2.2.4 https://pkg.go.dev/vuln/GO-2022-0956 https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2022-40716 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 Common Vulnerability Exposure (CVE) ID: CVE-2023-0845 https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197 Common Vulnerability Exposure (CVE) ID: CVE-2023-25173 https://github.com/advisories/GHSA-4wjj-jwc9-2x96 https://github.com/advisories/GHSA-fjm8-m7m6-2fjp https://github.com/advisories/GHSA-phjr-8j92-w5v7 https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a https://github.com/containerd/containerd/releases/tag/v1.5.18 https://github.com/containerd/containerd/releases/tag/v1.6.18 https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4 https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ Common Vulnerability Exposure (CVE) ID: CVE-2023-26054 https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604 https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc Common Vulnerability Exposure (CVE) ID: CVE-2023-28840 https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 https://github.com/moby/moby/issues/43382 https://github.com/moby/moby/pull/45118 https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237 https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw Common Vulnerability Exposure (CVE) ID: CVE-2023-28841 https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207 Common Vulnerability Exposure (CVE) ID: CVE-2023-28842
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.