Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "18.06.1-0ubuntu1~16.04.2", "binary_name": "docker-doc" }, { "binary_version": "18.06.1-0ubuntu1~16.04.2", "binary_name": "docker.io" }, { "binary_version": "18.06.1-0ubuntu1~16.04.2", "binary_name": "golang-docker-dev" }, { "binary_version": "18.06.1-0ubuntu1~16.04.2", "binary_name": "golang-github-docker-docker-dev" }, { "binary_version": "18.06.1-0ubuntu1~16.04.2", "binary_name": "vim-syntax-docker" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "18.06.1-0ubuntu1~18.04.1", "binary_name": "docker-doc" }, { "binary_version": "18.06.1-0ubuntu1~18.04.1", "binary_name": "docker.io" }, { "binary_version": "18.06.1-0ubuntu1~18.04.1", "binary_name": "golang-docker-dev" }, { "binary_version": "18.06.1-0ubuntu1~18.04.1", "binary_name": "golang-github-docker-docker-dev" }, { "binary_version": "18.06.1-0ubuntu1~18.04.1", "binary_name": "vim-syntax-docker" } ] }