Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "docker-doc": "18.06.1-0ubuntu1~16.04.2", "docker.io": "18.06.1-0ubuntu1~16.04.2", "golang-github-docker-docker-dev": "18.06.1-0ubuntu1~16.04.2", "golang-docker-dev": "18.06.1-0ubuntu1~16.04.2", "vim-syntax-docker": "18.06.1-0ubuntu1~16.04.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "docker-doc": "18.06.1-0ubuntu1~18.04.1", "docker.io": "18.06.1-0ubuntu1~18.04.1", "golang-github-docker-docker-dev": "18.06.1-0ubuntu1~18.04.1", "golang-docker-dev": "18.06.1-0ubuntu1~18.04.1", "vim-syntax-docker": "18.06.1-0ubuntu1~18.04.1" } ] }