Stay Secure with the Latest Linux Advisories

security advisoryfedoraupdate

Fedora 35: 2021-79ba5abef6 Critical: Moby-Engine OCI Parsing Issue

Update containerd and moby-engine - Security fix for CVE-2021-41190. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-79ba5abef6 2021-12-01 01:19:37.797871 --------------------------------------------------------------------------------Name : moby-engine Product : Fedora 35 Version : 20.10.11 Release : 1.fc35 URL : https://www.docker.com Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. --------------------------------------------------------------------------------Update Information: Update containerd and moby-engine - Security fix for CVE-2021-41190 --------------------------------------------------------------------------------ChangeLog: * Mon Nov 22 2021 Olivier Lemasle - 20.10-11-1 - Update to upstream 20.10.11 (fixes rhbz#2024384) - Mitigates CVE-2021-41190 (fixes rhbz#2024940) --------------------------------------------------------------------------------References: [ 1 ] Bug #2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion https://bugzilla.redhat.com/show_bug.cgi?id=2024938 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-79ba5abef6' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Fedora 36 Release for Moby-Engine tackles OCI Manifest Interpretation challenge to bolster security and optimize efficiency.. Fedora Update, Moby-Engine, Security Fix, Container Engine. . Severity: Critical. LinuxSecurity.com Team

Nov 30, 2021 •Critical Fedora