Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.bugs.dist > #1085147
| From | "Adam D. Barratt" <adam@adam-barratt.org.uk> |
|---|---|
| Newsgroups | linux.debian.bugs.dist, linux.debian.devel.release |
| Subject | Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1 |
| Date | 2021-12-11 19:00 +0100 |
| Message-ID | <DteP8-6dp-9@gated-at.bofh.it> (permalink) |
| References | <DqFLQ-2AA-5@gated-at.bofh.it> <DqFLQ-2AA-5@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Cross-posted to 2 groups.
Control: tags -1 + confirmed On Sun, 2021-12-05 at 00:01 +0800, Shengjing Zhu wrote: > Backport 3 CVE patches. > > + CVE-2021-41089: Create parent directories inside a chroot during > docker > cp to prevent a specially crafted container from changing > permissions of > existing files in the host’s filesystem. > + CVE-2021-41091: Lock down file permissions to prevent unprivileged > users > from discovering and executing programs in /var/lib/docker. > + CVE-2021-41092: Ensure default auth config has address field set, > to > prevent credentials being sent to the default registry. (Closes: > #998292) > > And backport 1 patch to run container which > uses "clone3" syscall (for example glibc 2.34) > Please go ahead. Regards, Adam
Back to linux.debian.bugs.dist | Previous | Next | Find similar
Bug#1001115: bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u1 "Adam D. Barratt" <adam@adam-barratt.org.uk> - 2021-12-11 19:00 +0100
csiph-web