Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Fedora 38 Advisory: 2023-9f5f1ef40a High: Moby-Engine Security Fixes

fedora
Calendar Grey August 30, 2023
Dist Fedora Esm H88
Fedora 38 rolls out numerous security updates for the moby-engine addressing weaknesses in certificate management and encrypted data transmission.
- Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fi...

Summary

Docker is an open source project to build, ship and run any application as a

lightweight container.

Docker containers are both hardware-agnostic and platform-agnostic. This means

they can run anywhere, from your laptop to the largest EC2 compute instance and

everything in between - and they don't require you to use a particular

language, framework or packaging system. That makes them great building blocks

for deploying and scaling web apps, databases, and backend services without

depending on a particular stack or provider.

Update Information:

- Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 ---- Update moby-engine to 23.0.4

Topics%20covered

Topics Covered

security advisory Fedora security fix update notification certificates encrypted traffic moby-engine

Change Log

* Wed Aug 23 2023 LuK1337 - 24.0.5-1 - Update moby-engine to 24.0.5 * Thu Jul 20 2023 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2156860 - CVE-2022-40716 consul: Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request https://bugzilla.redhat.com/show_bug.cgi?id=2156860 [ 2 ] Bug #2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents https://bugzilla.redhat.com/show_bug.cgi?id=2163037 [ 3 ] Bug #2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly https://bugzilla.redhat.com/show_bug.cgi?id=2174485 [ 4 ] Bug #2176447 - CVE-2023-26054 buildkit: Data disclosure in provenance attestation describing a build https://bugzilla.redhat.com/show_bug.cgi?id=2176447 [ 5 ] Bug #2177595 - CVE-2023-0845 hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections https://bugzilla.redhat.com/show_bug.cgi?id=2177595 [ 6 ] Bug #2184683 - CVE-2023-28840 moby: Encrypted overlay network may be u...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-9f5f1ef40a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: moby-engine
Product: Fedora 38
Version: 24.0.5
Release: 1.fc38
URL: https://www.docker.com
Summary: The open-source application container engine

Topics%20covered

Topics Covered

security advisory Fedora security fix update notification certificates encrypted traffic moby-engine

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here