The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Docker Moby: denial of service via gzip decompression

Synthesis of the vulnerability 

An attacker can consume all disk storage via the unlimited decompression of a Gzip file by Docker Moby, in order to trigger a denial of service.
Impacted systems: Docker CE, Fedora, openSUSE Leap.
Severity of this alert: 2/4.
Creation date: 11/12/2017.
Revision date: 08/02/2018.
References of this alert: 35075, CVE-2017-14992, FEDORA-2017-15efa72a0c, FEDORA-2017-3976710f1e, openSUSE-SU-2018:0406-1, VIGILANCE-VUL-24719.

Description of the vulnerability 

An attacker can consume all disk storage via the unlimited decompression of a Gzip file by Docker Moby, in order to trigger a denial of service.
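
A general defence against this class of bug is to cap how many decompressed bytes a Gzip stream may produce before the data reaches disk. The Go code below is an added example, not the Moby or tar-split fix; BoundedGunzip, ErrTooLarge, ZeroGzip and the 1 MiB limit are assumed names and values, and the sample input is constructed in memory.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge reports that the stream would decompress past the caller's cap.
var ErrTooLarge = errors.New("gunzip: decompressed size exceeds limit")

// BoundedGunzip decompresses src into dst and never writes more than limit bytes.
func BoundedGunzip(dst io.Writer, src io.Reader, limit int64) (int64, error) {
	zr, err := gzip.NewReader(src)
	if err != nil {
		return 0, err
	}
	defer zr.Close()
	n, err := io.CopyN(dst, zr, limit)
	if err == io.EOF {
		return n, nil // stream ended before reaching the cap
	}
	if err != nil {
		return n, err // corrupt or truncated input, or a write failure
	}
	// Exactly limit bytes were written: probe one byte to see if more remains.
	var probe [1]byte
	m, err := io.ReadFull(zr, probe[:])
	if m > 0 {
		return n, ErrTooLarge
	}
	if err != io.EOF {
		return n, err
	}
	return n, nil
}

// ZeroGzip builds a constructed sample: n zero bytes, gzip-compressed in memory.
func ZeroGzip(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	sample := ZeroGzip(8 << 20) // 8 MiB of zeros compresses to a few KiB
	var out bytes.Buffer
	n, err := BoundedGunzip(&out, bytes.NewReader(sample), 1<<20)
	fmt.Printf("compressed=%d written=%d err=%v\n", len(sample), n, err)
}
```

On ErrTooLarge the caller should discard whatever was already written to dst and reject the archive.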

This computer vulnerability alert impacts software or systems such as Docker CE, Fedora, openSUSE Leap.

Our Vigil@nce team determined that the severity of this computer threat alert is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this security vulnerability.

Solutions for this threat 

Docker Moby: version 17.09.1.
Version 17.09.1 is fixed:
  https://github.com/moby/moby
  https://mobyproject.org/

Docker Moby: patch for TAR.
A patch is available:
  https://github.com/vbatts/tar-split/pull/42

Fedora: new docker packages.
New packages are available:
  Fedora 26: docker 1.13.1-44.git584d391.fc26
  Fedora 27: docker 1.13.1-44.git584d391.fc27

openSUSE Leap: new docker packages.
New packages are available:
  openSUSE Leap 42.3: docker 17.09.1_ce-36.1