DSA-5414-1

Source

https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5414-1.json

Published

2023-05-27T00:00:00Z

Modified

2023-06-28T06:51:27.106956Z

Details

Jose Gomez discovered that the Catalog API endpoint in the Docker registry implementation did not sufficiently enforce limits, which could result in denial of service.

For the stable distribution (bullseye), this problem has been fixed in version 2.7.1+ds2-7+deb11u1.

We recommend that you upgrade your docker-registry packages.

For the detailed security status of docker-registry please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/docker-registry

References

https://www.debian.org/security/2023/dsa-5414

Affected packages

Debian:11 / docker-registry

Source Details

Package Name: docker-registry

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.1+ds2-7+deb11u1

Affected versions

2.*

2.7.1+ds2-7