From ad7ddba0dc2a6ce41637b3579bcad929db3a4a51 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Fri, 31 Mar 2017 09:29:55 -0600 Subject: [PATCH 1/2] docs: add a security-events.md In the same vein as [1], let's start talking about security events. I suppose we want to talk about security events as well as non-events, though, to give a little discussion about post moretem. But we can rename this to security-non-events if we want. [1]: https://github.com/docker/docker.github.io/blob/master/engine/security/non-events.md Signed-off-by: Tycho Andersen --- docs/security-events.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/security-events.md diff --git a/docs/security-events.md b/docs/security-events.md new file mode 100644 index 000000000..fb9202760 --- /dev/null +++ b/docs/security-events.md @@ -0,0 +1,9 @@ +The incomplete list below is an assement of some CVEs, and Moby's resillience +to them. + +Bugs mitigated: + +* [CVE-2017-2636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636) + ([exploit post](https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html)): + This CVE requires `CONFIG_N_HDLC={y|m}`, which Moby does not specify, and so + is not vulnerable. From 12624b60bf099b217be3c6c9c79348101c9a0c45 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Fri, 31 Mar 2017 13:05:01 -0600 Subject: [PATCH 2/2] add some headings, fix some spelling mistakes Signed-off-by: Tycho Andersen --- docs/security-events.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/security-events.md b/docs/security-events.md index fb9202760..28e95db70 100644 --- a/docs/security-events.md +++ b/docs/security-events.md @@ -1,9 +1,13 @@ -The incomplete list below is an assement of some CVEs, and Moby's resillience -to them. +# Moby Security Events -Bugs mitigated: +The incomplete list below is an assessment of some CVEs, and Moby's resilience +(or not) to them. + +### Bugs mitigated: * [CVE-2017-2636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636) ([exploit post](https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html)): This CVE requires `CONFIG_N_HDLC={y|m}`, which Moby does not specify, and so is not vulnerable. + +### Bugs not mitigated: