Vulmon
Amazon Linux 2 Security Advisory: ALASDOCKER-2021-002
Advisory Release Date: 2021-10-22 22:49 Pacific
Advisory Updated Date: 2021-11-18 21:30 Pacific
Severity:
Medium
Issue Overview:
A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the host network or another container. (CVE-2020-13401)
A flaw was found in moby. Moby buildkit calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. (CVE-2020-27534)
Affected Packages:
docker
Issue Correction:
Run yum update docker to update your system.
New Packages:
aarch64:
docker-19.03.13ce-1.amzn2.aarch64
docker-debuginfo-19.03.13ce-1.amzn2.aarch64
src:
docker-19.03.13ce-1.amzn2.src
x86_64:
docker-19.03.13ce-1.amzn2.x86_64
docker-debuginfo-19.03.13ce-1.amzn2.x86_64