CVE-2019-14271

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

References

Affected packages

Debian:11 / docker.io

Package

Name: docker.io
Purl: pkg:deb/debian/docker.io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.09.1+dfsg1-9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / docker.io

Package

Name: docker.io
Purl: pkg:deb/debian/docker.io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.09.1+dfsg1-9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / docker.io

Package

Name: docker.io
Purl: pkg:deb/debian/docker.io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.09.1+dfsg1-9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/docker/docker

Affected ranges

Type: GIT
Repo: https://github.com/docker/docker
Events: Introduced

705d9623b7c1fac1f8cf48074d5861847d09eb67

Fixed

fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b

Type: GIT
Repo: https://github.com/docker/docker-ce
Events: Introduced

aeac9490dc54c1d48b3d7ae9a46f5a19b78dcd3a

Fixed

74b1e89e8ac68948be88fe0aa1e2767ae28659fe

Affected versions

v19.*

v19.03.0