On Sun, Jun 14, 2020 at 11:23:41PM +0200, Felix Geyer wrote: > Hi security team / maintainers, > > On Wed, 03 Jun 2020 20:58:53 +0200 Salvatore Bonaccorso <car...@debian.org> > wrote: > > Source: docker.io > > Version: 19.03.7+dfsg1-3 > > Severity: important > > Tags: security upstream > > > > Hi, > > > > The following vulnerability was published for docker.io. > > > > CVE-2020-13401[0]: > > | An issue was discovered in Docker Engine before 19.03.11. An attacker > > | in a container, with the CAP_NET_RAW capability, can craft IPv6 router > > | advertisements, and consequently spoof external IPv6 hosts, obtain > > | sensitive information, or cause a denial of service. > > I've prepared an update for buster-security (debdiff attached). > With the update accept_ra is correctly set to 0 for bridges Docker creates.
Looks fine, thanks! Please upload to security-master. Cheers, Moritz