DSA-5414-1

Source
https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5414-1.json
Published
2023-05-27T00:00:00Z
Modified
2023-06-28T06:51:27.106956Z
Details

Jose Gomez discovered that the Catalog API endpoint in the Docker registry implementation did not sufficiently enforce limits, which could result in denial of service.

For the stable distribution (bullseye), this problem has been fixed in version 2.7.1+ds2-7+deb11u1.

We recommend that you upgrade your docker-registry packages.

For the detailed security status of docker-registry please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/docker-registry

References

Affected packages

Debian:11 / docker-registry

Source Details

Package Name
docker-registry

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.7.1+ds2-7+deb11u1

Affected versions

2.*

2.7.1+ds2-7