Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-13401

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

Related bugs and status

CVE-2020-13401 (Candidate) is related to these bugs:

Bug #1881679: update to 19.03.11

		In	Importance	Status
1881679	update to 19.03.11	docker.io (Ubuntu)	Undecided	Fix Released
1881679	update to 19.03.11	docker.io (Ubuntu Focal)	Undecided	Fix Released
1881679	update to 19.03.11	docker.io (Ubuntu Eoan)	Undecided	Won't Fix
1881679	update to 19.03.11	docker.io (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/doc...
MISC: http://www.openwall.co...
MISC: https://docs.docker.co...
FEDORA: FEDORA-2020-5ba8c2d9d5
FEDORA: FEDORA-2020-6d7deafd81
SUSE: openSUSE-SU-2020:0846
DEBIAN: DSA-4716
CONFIRM: https://security.netap...
GENTOO: GLSA-202008-15