Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

Mageia: 2023-0009 Moderate: Docker Group Access Threats Mitigated

mageia
Calendar Grey January 24, 2023
Dist Mageia Esm H88
Recent updates for Docker packages fix critical security flaws including group access vulnerabilities and cross-site request forgery in Mageia.
Server side request forgery (CVE-2022-29153) Bypass primary group restrictions due to a flaw in the supplementary group access setup (CVE-2022-36109)

Summary

Server side request forgery (CVE-2022-29153)
Bypass primary group restrictions due to a flaw in the supplementary group access setup (CVE-2022-36109)
Imported Nodes/Services Information leak in moby-engine. (CVE-2022-3920)

References

- https://bugs.mageia.org/show_bug.cgi?id=30834

- https://docs.docker.com/engine/release-notes/25.0/

- https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/

- https://docs.docker.com/engine/release-notes/25.0/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VFYXCTLOSESYIP72BUYD6ECDIMUM4WMB/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/

- https://www.cve.org/CVERecord?id=CVE-2022-29153

- https://www.cve.org/CVERecord?id=CVE-2022-36109

- https://www.cve.org/CVERecord?id=CVE-2022-3920

Resolution

SRPMS

- 8/core/docker-20.10.22-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 24 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0009.html
Type: security
CVE: CVE-2022-29153, CVE-2022-36109, CVE-2022-3920

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.