[Golang-updates] [Bug 1474893] New: CVE-2017-11468 docker-distribution: Does not properly restrict the amount of content accepted from a user

Tuesday, 25 July 2017

https://bugzilla.redhat.com/show_bug.cgi?id=1474893

            Bug ID: 1474893
           Summary: CVE-2017-11468 docker-distribution: Does not properly
                    restrict the amount of content accepted from a user
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team(a)redhat.com
          Reporter: anemec(a)redhat.com
                CC: admiller(a)redhat.com, fkluknav(a)redhat.com,
                    golang-updates(a)lists.fedoraproject.org,
                    jchaloup(a)redhat.com, lsm5(a)redhat.com,
                    marianne(a)tuxette.fr

Docker Registry in Docker Distribution does not properly restrict the amount of
content accepted from a user, which allows remote attackers to cause a denial
of service (memory consumption) via the manifest endpoint. 

Upstream patch:

https://github.com/docker/distribution/commit/29fa466debaabb64f8559116bbf...

References:

https://github.com/docker/distribution/releases/tag/v2.6.2

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

[Golang-updates] [Bug 1474893] New: CVE-2017-11468 docker-distribution: Does not properly restrict the amount of content accepted from a user