openSUSE Security Advisory (SUSE-SU-2024:4360-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : docker (SUSE-SU-2024:4360-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4360-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: -...

OPENSUSE-SU-2024:14597-1 docker-27.4.1_ce-12.1 on GA media

These are all security issues fixed in the docker-27.4.1ce-12.1 package on the GA media of openSUSE Tumbleweed...

CVE-2024-36623 affecting package docker-cli for versions less than 25.0.3-3

CVE-2024-36623 affecting package docker-cli for versions less than 25.0.3-3. A patched version of the package is available...

SUSE-SU-2024:4360-1 Security update for docker

This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker whic...

SUSE SLES12 Security Update : docker (SUSE-SU-2024:4319-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4319-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file...

Ubuntu: Security Advisory (USN-7161-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 24.04 LTS : Docker vulnerabilities (USN-7161-1)

The remote Ubuntu 18.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7161-1 advisory. Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could...

USN-7161-1: Docker vulnerabilities

Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed for the source packa...

USN-7161-1 Docker vulnerabilities

Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed for the source packa...

CBL Mariner 2.0 Security Update: docker-cli / moby-cli / moby-compose / moby-engine (CVE-2024-36623)

The version of docker-cli / moby-cli / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36623 advisory. - moby through v25.0.3 has a Race Condition vulnerability in the...

Exploit for CVE-2024-38819

CVE-2024-38819: Proof of Concept PoC This is a proof of con...

Security update for docker

This update for docker fixes the following issues: Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker which...

SUSE-SU-2024:4319-1 Security update for docker

This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker whic...

OESA-2024-2557 docker security update

Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or...

OESA-2024-2556 docker security update

Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or...

OESA-2024-2555 docker security update

Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or...

docker-stable-24.0.9_ce-4.1 on GA media (moderate)

docker-stable-24.0.9ce-4.1 on GA media Announcement ID: openSUSE-SU-2024:14571-1 Rating: moderate Cross-References: CVE-2024-23653 CVSS scores: CVE-2024-23653 SUSE : 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can n...

AZL-54345 CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

AZL-54381 CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...