Updated docker packages fix security vulnerability
Publication date: 24 Jan 2023Modification date: 24 Jan 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-29153 , CVE-2022-36109 , CVE-2022-3920
Description
Server side request forgery (CVE-2022-29153)
Bypass primary group restrictions due to a flaw in the supplementary group
access setup (CVE-2022-36109)
Imported Nodes/Services Information leak in moby-engine. (CVE-2022-3920)
References
- https://bugs.mageia.org/show_bug.cgi?id=30834
- https://docs.docker.com/engine/release-notes/#201018
- https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/
- https://docs.docker.com/engine/release-notes/#201020
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VFYXCTLOSESYIP72BUYD6ECDIMUM4WMB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3920
SRPMS
8/core
- docker-20.10.22-1.mga8