moderate: qt5-qttranslations/docker-ce security update
moderate
An update for qt5-qttranslations/docker-ce is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
qt5-qttranslations: Qt5 - QtTranslations module.
docker-ce: Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider.
Security Fix(es):
qt5-qttranslations: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518)
qt5-qttranslations: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.(CVE-2018-19870)
qt5-qttranslations: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.(CVE-2018-19873)
qt5-qttranslations: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871)
qt5-qttranslations: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.(CVE-2018-19869)
qt5-qttranslations: bugfix
docker-ce: A file permissions vulnerability was found in Moby (Docker Engine). Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to restricted data.(CVE-2021-41089)
docker-ce: A file permissions vulnerability was found in the Moby (Docker Engine). The Moby data directory (usually /var/lib/docker) contains subdirectories with insufficiently restricted permissions, allowing unprivileged Linux users to traverse directory contents and execute programs. When the running container contains executable programs with the extended permission bits (like setuid), unprivileged Linux users can discover and execute those programs. Additionally, when the UID of an unprivileged Linux user on the host collides with the file owner or group inside a container, the unprivileged Linux user on the host can discover, read, and modify those files. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-41091)
docker-ce: An integer overflow vulnerability was found in runC. This issue occurs due to an incorrect netlink encoder handling the possibility of an integer overflow in the 16-bit length field for the byte array attribute type. This flaw allows an attacker who can include a large enough malicious byte array attribute to bypass the namespace restrictions of the container by simply adding their netlink payload, which disables all namespaces.(CVE-2021-43784)
docker-ce: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F15B7.