From dcfa5996aef0f5374ef6fc141e6d01af30c70323 Mon Sep 17 00:00:00 2001
From: Vighnesh Maheshwari
Date: Mon, 22 Jul 2024 21:32:17 +0000
Subject: [PATCH 1/2] BRSA for soci-snapshotter CVE-2024-24788
---
advisories/2.2.0/BRSA-wyuvthdr.toml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 advisories/2.2.0/BRSA-wyuvthdr.toml
diff --git a/advisories/2.2.0/BRSA-wyuvthdr.toml b/advisories/2.2.0/BRSA-wyuvthdr.toml
new file mode 100644
index 000000000..c884a36a8
--- /dev/null
+++ b/advisories/2.2.0/BRSA-wyuvthdr.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-wyuvthdr"
+title = "soci-snapshotter CVE-2024-24788"
+cve = "CVE-2024-24788"
+severity = "high"
+description = "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."
+
+[[advisory.products]]
+package-name = "soci-snapshotter"
+patched-version = "0.6.1"
+
+[updateinfo]
+author = "vighmah"
+issue-date = 2024-07-18T20:54:34Z
+arches = ["x86_64", "aarch64"]
+version = "2.2.0"
From 392bdbe42a5acf25f38485a4ba48021899e72ae1 Mon Sep 17 00:00:00 2001
From: Vighnesh Maheshwari
Date: Mon, 22 Jul 2024 21:32:44 +0000
Subject: [PATCH 2/2] BRSA for docker-engine CVE-2024-29018
---
advisories/2.2.0/BRSA-tjnwgl2a.toml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 advisories/2.2.0/BRSA-tjnwgl2a.toml
diff --git a/advisories/2.2.0/BRSA-tjnwgl2a.toml b/advisories/2.2.0/BRSA-tjnwgl2a.toml
new file mode 100644
index 000000000..652f4fc54
--- /dev/null
+++ b/advisories/2.2.0/BRSA-tjnwgl2a.toml
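Review bot: The `description` in advisories/2.2.0/BRSA-wyuvthdr.toml does not say which component the "Lookup functions" belong to or what the impact is, so a reader cannot tell from the advisory alone why soci-snapshotter is affected. As far as I know CVE-2024-24788 is a flaw in the Go standard library's `net` resolver that the package inherits from its toolchain; if that matches your triage, consider `description = "A malformed DNS message in response to a query can cause the Go net package's Lookup functions to get stuck in an infinite loop, resulting in denial of service."`. Both this file and BRSA-tjnwgl2a.toml set `severity = "high"` without recording where the rating came from, so please confirm it against the upstream scores for each CVE.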
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-tjnwgl2a"
+title = "docker-engine CVE-2024-29018"
+cve = "CVE-2024-29018"
+severity = "high"
+description = "A flaw in the `dockerd` design allowed for a potential data exfiltration from 'internal' networks via authoritative DNS servers. This is because `dockerd` will forward DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely."
+
+[[advisory.products]]
+package-name = "docker-engine"
+patched-version = "25.0.5"
+
+[updateinfo]
+author = "vighmah"
+issue-date = 2024-07-18T20:54:34Z
+arches = ["aarch64", "x86_64"]
+version = "2.2.0"
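Review bot: `arches = ["aarch64", "x86_64"]` in BRSA-tjnwgl2a.toml lists the same two architectures in the opposite order from BRSA-wyuvthdr.toml in this series (`["x86_64", "aarch64"]`); pick one order so advisories diff and grep consistently. The `issue-date` is also identical in both files (`2024-07-18T20:54:34Z`) and is four days earlier than the commit dates, which suggests it was copied rather than generated per advisory. It is worth confirming that this is the intended publication time for each advisory.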