https://bugzilla.redhat.com/show_bug.cgi?id=1474893
Bug ID: 1474893
Summary: CVE-2017-11468 docker-distribution: Does not properly
restrict the amount of content accepted from a user
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: admiller(a)redhat.com, fkluknav(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, lsm5(a)redhat.com,
marianne(a)tuxette.fr
Docker Registry in Docker Distribution does not properly restrict the amount of
content accepted from a user, which allows remote attackers to cause a denial
of service (memory consumption) via the manifest endpoint.
Upstream patch:
https://github.com/docker/distribution/commit/29fa466debaabb64f8559116bbf...
References:
https://github.com/docker/distribution/releases/tag/v2.6.2
--
You are receiving this mail because:
You are on the CC list for the bug.