Debian Security Advisory
DSA-4716-1 docker.io -- security update
- Date Reported:
- 02 Jul 2020
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 962141.
In Mitre's CVE dictionary: CVE-2020-13401.
- More information:
Etienne Champetier discovered that Docker, a Linux container runtime, created network bridges which by default accept IPv6 router advertisements. This could allow an attacker with the CAP_NET_RAW capability in a container to spoof router advertisements, resulting in information disclosure or denial of service.
For the stable distribution (buster), this problem has been fixed in version 18.09.1+dfsg1-7.1+deb10u2.
We recommend that you upgrade your docker.io packages.
For the detailed security status of docker.io please refer to its security tracker page at: https://security-tracker.debian.org/tracker/docker.io