
Bug 626038 (CVE-2017-11468)

Summary: <app-emulation/docker-registry-2.6.2 User content memory consumption Denial of Service
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Manuel Rüger (RETIRED) <mrueg>
Assignee: Gentoo Security <security>
CC: zmedico
Status: RESOLVED FIXED
Severity: normal
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~4 [noglsa cve]
Package list:
Runtime testing required: ---

Description Manuel Rüger (RETIRED) gentoo-dev 2017-07-24 10:30:29 UTC
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Comment 1 Manuel Rüger (RETIRED) gentoo-dev 2017-07-24 14:49:16 UTC
commit 16fff9d629363563ef28bb1ff7e3fee2a80a946d (HEAD -> master, origin/master, origin/HEAD)
Author: Manuel Rüger <mrueg@gentoo.org>
Date:   Mon Jul 24 16:14:50 2017 +0200

    app-emulation/docker-registry: Remove old
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.3

commit f981f6ece867ed551f5546f56040e6142ae9ac08
Author: Manuel Rüger <mrueg@gentoo.org>
Date:   Mon Jul 24 16:13:39 2017 +0200

    app-emulation/docker-registry: Version bump to 2.6.2
    
    Gentoo-Bug: 626038
    Package-Manager: Portage-2.3.6, Repoman-2.3.3