| 1 |
type: security |
| 2 |
subject: Updated docker-containerd packages fix security vulnerability |
| 3 |
CVE: |
| 4 |
- CVE-2021-41190 |
| 5 |
src: |
| 6 |
8: |
| 7 |
core: |
| 8 |
- docker-containerd-1.5.8-1.mga8 |
| 9 |
description: | |
| 10 |
The OCI Distribution Spec project defines an API protocol to facilitate |
| 11 |
and standardize the distribution of content. In the OCI Distribution |
| 12 |
Specification version 1.0.0 and prior, the Content-Type header alone was |
| 13 |
used to determine the type of document during push and pull operations. |
| 14 |
Documents that contain both "manifests" and "layers" fields could be |
| 15 |
interpreted as either a manifest or an index in the absence of an |
| 16 |
accompanying Content-Type header. If a Content-Type header changed between |
| 17 |
two pulls of the same digest, a client may interpret the resulting content |
| 18 |
differently. The OCI Distribution Specification has been updated to require |
| 19 |
that a mediaType value present in a manifest or index match the |
| 20 |
Content-Type header used during the push and pull operations. Clients |
| 21 |
pulling from a registry may distrust the Content-Type header and reject an |
| 22 |
ambiguous document that contains both "manifests" and "layers" fields or |
| 23 |
"manifests" and "config" fields if they are unable to update to version |
| 24 |
1.0.1 of the spec. |
| 25 |
references: |
| 26 |
- https://bugs.mageia.org/show_bug.cgi?id=29669 |
| 27 |
- https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42 |
| 28 |
ID: MGASA-2021-0531 |
Parent Directory
| 
Revision Log