ALAS-2020-1376

Amazon Linux 1 (EOL) Security Advisory: ALAS-2020-1376
Advisory Released Date: 2020-06-03
Advisory Updated Date: 2020-06-03

Severity: Important

References: CVE-2020-13401
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.(CVE-2020-13401)

Affected Packages:

docker

Issue Correction:
Run yum update docker to update your system.

New Packages:

src:
    docker-19.03.6ce-4.58.amzn1.src

x86_64:
    docker-19.03.6ce-4.58.amzn1.x86_64
    docker-debuginfo-19.03.6ce-4.58.amzn1.x86_64

Additional References

Red Hat: CVE-2020-13401

Mitre: CVE-2020-13401