Etienne Champetier discovered that Docker, a Linux container runtime, created network bridges which by default accept IPv6 router advertisements. This could allow an attacker with the CAP_NET_RAW capability in a container to spoof router advertisements, resulting in information disclosure or denial of service. For the stable distribution (buster), this problem has been fixed in version 18.09.1+dfsg1-7.1+deb10u2. We recommend that you upgrade your docker.io packages. For the detailed security status of docker.io please refer to its security tracker page at: https://security-tracker.debian.org/tracker/docker.io
Etienne Champetier discovered that Docker, a Linux container runtime, created network bridges which by default accept IPv6 router advertisements. This could allow an attacker with the CAP_NET_RAW capability in a container to spoof router advertisements, resulting in information disclosure or denial of service.
For the stable distribution (buster), this problem has been fixed in version 18.09.1+dfsg1-7.1+deb10u2.
We recommend that you upgrade your docker.io packages.
For the detailed security status of docker.io please refer to its security tracker page at: https://security-tracker.debian.org/tracker/docker.io