安全公告/【CVE-2021-41089】

基本信息

漏洞名称:
受影响操作系统:Asianux
危险等级:中危
影响源码包:docker
CVSS评分:6.3
发现日期:2022-08-08
修复日期:
修复版本:18.09.0-238

漏洞描述

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

漏洞判定

执行命令yum info PackageName获取软件包版本号,版本小于修复版本,则受此漏洞影响,版本大于等于修复版本,则此漏洞已修复

修复方式

yum update PackageName

补丁