Vulnerability CVE-2020-13401: Information
Description
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.
Severity: MEDIUM (6.0) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
docker-ce | p9 | 19.03.13-alt1 | 19.03.13-alt2 | ALT-PU-2020-2987-1 | 259082 | Fixed |
libnetwork | p9 | 19.03.13-alt1.git026aaba | 19.03.13-alt1.git026aaba | ALT-PU-2020-2986-1 | 259082 | Fixed |
libnetwork | c9f2 | 19.03.13-alt1.git026aaba | 20.10.8-alt1.git64b7a45 | ALT-PU-2020-3028-1 | 259520 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://docs.docker.com/engine/release-notes/ |
|
http://www.openwall.com/lists/oss-security/2020/06/01/5 |
|
https://github.com/docker/docker-ce/releases/tag/v19.03.11 |
|
openSUSE-SU-2020:0846 |
|
DSA-4716 |
|
https://security.netapp.com/advisory/ntap-20200717-0002/ |
|
GLSA-202008-15 |
|
FEDORA-2020-5ba8c2d9d5 | |
FEDORA-2020-6d7deafd81 |