Package: docker.io X-Debbugs-CC: [email protected] Severity: grave Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2018-10892[0]:
| The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby
| from 1.11 to current does not block /proc/acpi pathnames. The flaw
| allows an attacker to modify host's hardware like enabling/disabling
| bluetooth or turning up/down keyboard brightness.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892
Please adjust the affected versions in the BTS as needed.
--
signature.asc
Description: PGP signature

