Wednesday, November 24, 2021

Amazon Linux AMI: CVE-2021-41190: Security patch for containerd, docker (ALAS-2021-1551)

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests� and “layers� fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests� and “layers� fields or “manifests� and “config� fields if they are unable to update to version 1.0.1 of the spec.
  • amazon-linux-upgrade--docker
  • amazon-linux-upgrade-containerd

  • References
  • ALAS-2021-1551
  • CVE-2021-41190


    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore