Mailinglist Archive: opensuse-bugs (6588 mails)

< Previous Next >
[Bug 1143409] New: VUL-1: CVE-2019-14271: docker: In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the c
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 30 Jul 2019 09:55:54 +0000
  • Message-id: <bug-1143409-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1143409


Bug ID: 1143409
Summary: VUL-1: CVE-2019-14271: docker: In Docker 19.03.x
before 19.03.1 linked against the GNU C Library (aka
glibc), code injection can occur when the nsswitch
facility dynamically loads a library inside a chroot
that contains the c
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
URL: https://smash.suse.de/issue/238236/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: containers-bugowner@xxxxxxx
Reporter: atoptsoglou@xxxxxxxx
QA Contact: security-team@xxxxxxx
Found By: Security Response Team
Blocker: ---

CVE-2019-14271

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc),
code injection can occur when the nsswitch facility dynamically loads a library
inside a chroot that contains the contents of the container.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14271
http://www.cvedetails.com/cve/CVE-2019-14271/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
https://docs.docker.com/engine/release-notes/
https://github.com/moby/moby/issues/39449

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >