Overview

File _patchinfo of Package patchinfo.30224

<patchinfo incident="30224">
  <issue tracker="bnc" id="1214108">VUL-0: CVE-2023-28841: docker,golang-github-docker-libnetwork: Encrypted overlay network traffic may be unencrypted</issue>
  <issue tracker="bnc" id="1214109">VUL-0: CVE-2023-28842: docker,golang-github-docker-libnetwork: Encrypted overlay network with a single endpoint is unauthenticated</issue>
  <issue tracker="bnc" id="1214107">VUL-0: CVE-2023-28840: golang-github-docker-libnetwork,docker: Encrypted overlay network may be unauthenticated</issue>
  <issue tracker="cve" id="2023-28841"/>
  <issue tracker="cve" id="2023-28840"/>
  <issue tracker="cve" id="2023-28842"/>
  <packager>dancermak</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for docker</summary>
  <description>This update for docker fixes the following issues:

- Update to v20.10.25-ce
- CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial of Service attack. (bsc#1214107)
- CVE-2023-28841: Fixed a bug which allows an attacker to sit in a trusted position on the network and read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure (bsc#1214108)
- CVE-2023-28842: Fixed a bug which allows an attacker to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. (bsc#1214109)
</description>
  <message>Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?</message>

</patchinfo>
openSUSE Build Service is sponsored by
Places