Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Race Condition
Created by: armorcodegithubpreprod[bot]
Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Race Condition
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libgcrypt20 package.
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
References
- ADVISORY
- Debian Security Announcement
- Debian Security Announcement
- Debian Security Tracker
- Gentoo Security Advisory
- GitHub Release
- MISC
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OSS security Advisory
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Ubuntu Security Advisory
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><232-25+deb9u10
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream systemd package.
See How to fix? for Debian:9 relevant versions.
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
References
- Debian Security Announcement
- Debian Security Tracker
- RedHat Bugzilla Bug
- RHSA Security Advisory
- Security Tracker
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active