docker

Description: Pack, ship and run any application as a lightweight container
Version: 1:27.3.1-1 [extra]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-2574 | 1:20.10.10-1 | 1:20.10.11-1 | Medium | Fixed |
AVG-2440 | 1:20.10.8-1 | 1:20.10.9-1 | Medium | Fixed |
AVG-1528 | 1:20.10.2-4 | 1:20.10.3-1 | Medium | Fixed |
AVG-968 | 1:18.09.6-1 | 1:18.09.7-1 | High | Fixed |
AVG-892 | 1:18.09.1-2 | 1:18.09.2-1 | High | Not affected |
AVG-133 | 1:1.12.5-1 | 1:1.12.6-1 | High | Fixed | FS#52493

Issue | Group | Severity | Remote | Type | Description
CVE-2021-41190 | AVG-2574 | Medium | Yes | Insufficient validation | In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull...
CVE-2021-41092 | AVG-2440 | Low | No | Information disclosure | A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically...
CVE-2021-41091 | AVG-2440 | Medium | No | Directory traversal | A bug was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted...
CVE-2021-41089 | AVG-2440 | Low | No | Information disclosure | A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission...
CVE-2021-21285 | AVG-1528 | Medium | No | Denial of service | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd...
CVE-2021-21284 | AVG-1528 | Low | No | Privilege escalation | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege...
CVE-2019-5736 | AVG-892 | High | Yes | Privilege escalation | A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary...
CVE-2018-15664 | AVG-968 | High | No | Privilege escalation | A race condition with symbolic links has been found in Docker, allowing read-write access to the host and guest file-systems.
CVE-2016-9962 | AVG-133 | High | No | Privilege escalation | The runc component used by `docker exec` feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows...

Advisories

Date | Advisory | Group | Severity | Type
06 Feb 2021 | ASA-202102-12 | AVG-1528 | Medium | multiple issues
13 Jan 2017 | ASA-201701-19 | AVG-133 | High | privilege escalation