{"affected":[{"ecosystem_specific":{"binaries":[{"docker":"20.10.25_ce-98.93.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 12","name":"docker","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20.10.25_ce-98.93.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for docker fixes the following issues:\n\n- Update to v20.10.25-ce\n- CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial of Service attack. (bsc#1214107)\n- CVE-2023-28841: Fixed a bug which allows an attacker to sit in a trusted position on the network and read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure (bsc#1214108)\n- CVE-2023-28842: Fixed a bug which allows an attacker to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. (bsc#1214109)\n","id":"SUSE-SU-2023:3307-1","modified":"2023-08-14T08:52:14Z","published":"2023-08-14T08:52:14Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20233307-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214107"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214108"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214109"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-28840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-28841"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-28842"}],"related":["CVE-2023-28840","CVE-2023-28841","CVE-2023-28842"],"summary":"Security update for docker","upstream":["CVE-2023-28840","CVE-2023-28841","CVE-2023-28842"]}