CVE-2017-11468: Release Docker Registry v2.6.2 · distribution/distribution

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.


This release is a special security release to address an issue allowing
an attacker to force arbitrarily-sized memory allocations in a registry
instance through the manifest endpoint. The problem has been mitigated
by limiting the size of reads for image manifest content.

Details for mitigation are in 29fa466.

CVE-2017-11468 has been assigned for this issue.

Changelog

48294d9 Merge pull request #2343 from stevvooe/prepare-2.6.2
04ce686 release: prepare for 2.6.2 release
c829241 Merge pull request #2341 from stevvooe/limit-payload-size-26
29fa466 registry/{storage,handlers}: limit content sizes
42ea75c Merge pull request #2284 from mstanleyjones/release/2.6
ed2b686 Put architecture.md back into distribution repo
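
The mitigation described in the release notes above, limiting the size of reads for manifest content, shown as an added Go example; it is not code from commit 29fa466 or from the distribution project. The handler, the function names, the request path and the 4 MiB cap are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxManifestBytes is an assumed cap for this example; the page does not state the real limit.
const maxManifestBytes int64 = 4 << 20
var errTooLarge = errors.New("manifest exceeds size limit")

// readBounded reads limit+1 bytes at most, so an oversized body is rejected, not truncated.
func readBounded(r io.Reader, limit int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return nil, errTooLarge
	}
	return buf, nil
}

// putManifest is a hypothetical upload handler; a bare io.ReadAll(req.Body) here would be unbounded.
func putManifest(w http.ResponseWriter, req *http.Request) {
	body, err := readBounded(req.Body, maxManifestBytes)
	switch {
	case errors.Is(err, errTooLarge):
		http.Error(w, err.Error(), http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "read error", http.StatusBadRequest)
	default:
		fmt.Fprintf(w, "accepted %d bytes", len(body))
	}
}

// statusFor sends a constructed n-byte body to the handler and returns the status code.
func statusFor(n int64) int {
	body := strings.NewReader(strings.Repeat("a", int(n)))
	rec := httptest.NewRecorder()
	putManifest(rec, httptest.NewRequest(http.MethodPut, "/v2/example/manifests/latest", body))
	return rec.Code
}

func main() { fmt.Println(statusFor(1024), statusFor(maxManifestBytes+1)) }
```

Reading one byte past the cap is what separates a body of exactly the permitted size from an oversized one, so the handler can answer 413 instead of parsing a truncated manifest.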

Related news

Ubuntu Security Notice USN-6336-1

Ubuntu Security Notice 6336-1 - It was discovered that Docker Registry incorrectly handled certain crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that Docker Registry incorrectly handled certain crafted input. An attacker could possibly use this issue to cause a denial of service.
