Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 37: FEDORA-2023-cf3551046d Critical: Moby-Engine Security Fixes

fedora
Calendar Grey September 5, 2023
Dist Fedora Esm H88
Enhancements for moby-framework feature several crucial security patches addressing networking and encryption protocols within containerized environments.
- Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fi...

Summary

Docker is an open source project to build, ship and run any application as a

lightweight container.

Docker containers are both hardware-agnostic and platform-agnostic. This means

they can run anywhere, from your laptop to the largest EC2 compute instance and

everything in between - and they don't require you to use a particular

language, framework or packaging system. That makes them great building blocks

for deploying and scaling web apps, databases, and backend services without

depending on a particular stack or provider.

Update Information:

- Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 ---- Update moby-engine to 23.0.4

Topics%20covered

Topics Covered

security advisory Fedora critical fix network threat encryption issue container engine moby-engine

Change Log

* Wed Aug 23 2023 LuK1337 - 24.0.5-1 - Update moby-engine to 24.0.5 * Thu Jul 20 2023 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2156860 - CVE-2022-40716 consul: Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request https://bugzilla.redhat.com/show_bug.cgi?id=2156860 [ 2 ] Bug #2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents https://bugzilla.redhat.com/show_bug.cgi?id=2163037 [ 3 ] Bug #2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly https://bugzilla.redhat.com/show_bug.cgi?id=2174485 [ 4 ] Bug #2176447 - CVE-2023-26054 buildkit: Data disclosure in provenance attestation describing a build https://bugzilla.redhat.com/show_bug.cgi?id=2176447 [ 5 ] Bug #2177595 - CVE-2023-0845 hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections https://bugzilla.redhat.com/show_bug.cgi?id=2177595 [ 6 ] Bug #2184683 - CVE-2023-28840 moby: Encrypted overlay network may be u...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cf3551046d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: moby-engine
Product: Fedora 37
Version: 24.0.5
Release: 1.fc37
URL: https://www.docker.com
Summary: The open-source application container engine

Topics%20covered

Topics Covered

security advisory Fedora critical fix network threat encryption issue container engine moby-engine

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here