rpm package
suse/golang-github-docker-libnetwork&distro=SUSE OpenStack Cloud 6
pkg:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20OpenStack%20Cloud%206
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16539 | Med | 5.9 | | < 0.7.0.1+gitr2066_7b2b1feb1de4-10.1 | 0.7.0.1+gitr2066_7b2b1feb1de4-10.1 | Nov 4, 2017 | The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-dev |
| CVE-2017-14992 | Med | 6.5 | | < 0.7.0.1+gitr2066_7b2b1feb1de4-10.1 | 0.7.0.1+gitr2066_7b2b1feb1de4-10.1 | Nov 1, 2017 | Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. |
| CVE-2017-8932 | Med | 5.9 | | < 0.0.0+git20170119.7b2b1fe-4.1 | 0.0.0+git20170119.7b2b1fe-4.1 | Jul 6, 2017 | A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input |