VYPR

rpm package

suse/docker-runc&distro=SUSE OpenStack Cloud 6

pkg:rpm/suse/docker-runc&distro=SUSE%20OpenStack%20Cloud%206

Vulnerabilities (2)

  • CVE-2017-16539MedNov 4, 2017
    affected < 1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1fixed 1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1

    The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-dev

  • CVE-2017-14992MedNov 1, 2017
    affected < 1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1fixed 1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1

    Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.