Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626038 (CVE-2017-11468) - <app-emulation/docker-registry-2.6.2 User content memory consumption Denial of Service
Summary: <app-emulation/docker-registry-2.6.2 User content memory consumption Denial ...
Status: RESOLVED FIXED
Alias: CVE-2017-11468
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-24 10:30 UTC by Manuel Rüger (RETIRED)
Modified: 2017-07-27 15:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Manuel Rüger (RETIRED) gentoo-dev 2017-07-24 10:30:29 UTC
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Comment 1 Manuel Rüger (RETIRED) gentoo-dev 2017-07-24 14:49:16 UTC
commit 16fff9d629363563ef28bb1ff7e3fee2a80a946d (HEAD -> master, origin/master, origin/HEAD)
Author: Manuel Rüger <mrueg@gentoo.org>
Date:   Mon Jul 24 16:14:50 2017 +0200

    app-emulation/docker-registry: Remove old
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.3

commit f981f6ece867ed551f5546f56040e6142ae9ac08
Author: Manuel Rüger <mrueg@gentoo.org>
Date:   Mon Jul 24 16:13:39 2017 +0200

    app-emulation/docker-registry: Version bump to 2.6.2
    
    Gentoo-Bug: 626038
    Package-Manager: Portage-2.3.6, Repoman-2.3.3