Launchpad CVE tracker

CVE 2019-14271

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

Related bugs and status

CVE-2019-14271 (Candidate) is related to these bugs:

Bug #1867068: update to 19.03.8 to get improved mitigation for CVE-2019-14271

		In	Importance	Status
1867068	update to 19.03.8 to get improved mitigation for CVE-2019-14271	docker.io (Ubuntu)	Undecided	Fix Released
1867068	update to 19.03.8 to get improved mitigation for CVE-2019-14271	docker.io (Ubuntu Bionic)	Undecided	Fix Released
1867068	update to 19.03.8 to get improved mitigation for CVE-2019-14271	docker.io (Ubuntu Eoan)	Undecided	Won't Fix

Bug #1916541: smtp "fatal: unknown service: smtp/tcp", probably after libc upgrade

		In	Importance	Status
1916541	smtp "fatal: unknown service: smtp/tcp", probably after libc upgrade	postfix (Ubuntu)	High	Invalid
1916541	smtp "fatal: unknown service: smtp/tcp", probably after libc upgrade	glibc (Ubuntu)	High	Fix Released
1916541	smtp "fatal: unknown service: smtp/tcp", probably after libc upgrade	GLibC	Medium	Fix Released
1916541	smtp "fatal: unknown service: smtp/tcp", probably after libc upgrade	glibc (Ubuntu Hirsute)	High	Fix Released
1916541	smtp "fatal: unknown service: smtp/tcp", probably after libc upgrade	postfix (Ubuntu Hirsute)	High	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-14271

References