it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5414-1] docker-registry security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5414-1] docker-registry security update
Date: Sat, 27 May 2023 11:00:10 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/ZHHiupJH3+Ka56YO AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=94PxY438IBaet/Otl1JJdEvr8sgFaBvILKQDFexskgo=; b=sA 80JOJr6fXVPpHvbsHaTP104L6tKt0e1qZdn52fihrBDo1+HDYsWO6ikq4WY9LwiO7+3/EJ0iP621Y WfbfA6x2Otu1MTEG2RDtABmRIq6bfe3cn++GA1u4GHAHTVbQ3Ee8aLl0SsPuytwQhQ9Q1YOYlpWb2 P8lWQ1dmLn8Ffo69fBJq6tGoIi6KZ0IbYjbr0Ap1e8HsMYONGH5I7wWrhJg79yLoGoJEyt+tXNLRU dQ//ULZ50IGwnCYBHFvRY07/fiZ8tNtNKkoTkjH4RPqRIPIfosKmN7utlA+7roSm29hsyyWAuHVYY FuTd84faj0C/7oLqOp3aATqIedQyeVlA==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Sat, 27 May 2023 11:00:38 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <TeA0XaPUQkC.A.8gE.WLeckB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5414-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : docker-registry
CVE ID : CVE-2023-2253
Debian Bug : 1035956

Jose Gomez discovered that the Catalog API endpoint in the Docker
registry implementation did not sufficiently enforce limits, which
could result in denial of service.

For the stable distribution (bullseye), this problem has been fixed in
version 2.7.1+ds2-7+deb11u1.

We recommend that you upgrade your docker-registry packages.

For the detailed security status of docker-registry please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/docker-registry

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmRx4msACgkQEMKTtsN8
TjZ7fw/9E+dbZBJfuAwWXfAdwAuSE+6aN2Ddqb956wFeT0K+sMaEzhnDthATuJx0
cR8K9TfVOcSUbn7bhi/fDxlWMoUL+wN14MxwphZ2udEAgkv052bz97/vAU2bcGNu
ye081BQWgbdpxm4Y5ioVSyze0y9uixKkBA6grnc9DQoEZz/4cqifxJh5itwFi/AC
5TuNzZk4HY7kDrRf/OLZZpZFNloNP9G535FxEdmjR3jTd6scSbEnwmXmuUPUQwo6
IfrCLnPRVXY0Vn2Pphb8fK1vsYZrWQpzvBHr4UO/z8F14Pl1AVqQNh0Oct5y/oDh
Y4MN8n9e5Zsx4lunBczhOS8fGy0gU2ZLK12KTLeTdA1TSZMV6MrkFdYAiWDI6+qP
7f8LQi4m1h2HqJX9nm50eEjZ4lfwtK0Xwb0YQEkadpnknbdQM1zkojblFZOjQqq8
GQwQQYD+XfIRThZWLz3vA9RhE1MH0/p5JNxfQmm2VG7xdtBdWV5PRtnUtC9KoYQ4
wyJjE4AxRbbVbVGoyuoQOCEmMt+MYp68aYjHQD6szT9aGNpyxKdncjHVAVQGdb4c
YPAi3m0uObQKsy0q6tDXu+8BhZDoFaFlyy9AtFjPL0mE36FTiLxOmkkJ0Xi4fNlu
4Ghq2yiX/lK+xuXjQ+D7SVu6KEuKg8p7ATxIh5k2AmSh6bO7Gz8=
=vOWz
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5414-1] docker-registry security update, Moritz Muehlenhoff, 27.05.2023

Archiv bereitgestellt durch MHonArc 2.6.24.