Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Debian DSA-4521-1: Critical Docker.io Security Advisory on Vulnerabilities

debian
Calendar Grey September 9, 2019
Debian Logo
Three critical weaknesses discovered in the Docker container environment necessitate immediate attention to strengthen defenses and mitigate potential threats.
Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in "docker cp" could result in execution of code with root pr...
Topics%20covered

Topics Covered

security advisory root privileges command injection data logging docker

Summary

Three security vulnerabilities have been discovered in the Docker
container runtime: Insecure loading of NSS libraries in "docker cp"
could result in execution of code with root privileges, sensitive data
could be logged in debug mode and there was a command injection
vulnerability in the "docker build" command.

For the stable distribution (buster), these problems have been fixed in
version 18.09.1+dfsg1-7.1+deb10u1.

We recommend that you upgrade your docker.io packages.

For the detailed security status of docker.io please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/docker.io

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: docker.io
CVE ID: CVE-2019-13139 CVE-2019-13509 CVE-2019-14271

Topics%20covered

Topics Covered

security advisory root privileges command injection data logging docker

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here