<p>Upgrade <code>SLES:15.1</code> <code>docker-bash-completion</code> to version 19.03.1_ce-6.26.2 or higher.</p>

Improper Initialization Affecting docker-bash-completion package, versions <19.03.1_ce-6.26.2

Threat Intelligence

1.6% (88^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-SLES151-DOCKERBASHCOMPLETION-2737631
published 14 Apr 2022
disclosed 13 Aug 2019

Report a new vulnerability Found a mistake?

Introduced: 13 Aug 2019

CVE-2019-14271 Open this link in a new tab CWE-665 Open this link in a new tab

How to fix?

Upgrade SLES:15.1 docker-bash-completion to version 19.03.1_ce-6.26.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream docker-bash-completion package and not the docker-bash-completion package as distributed by SLES. See How to fix? for SLES:15.1 relevant fixed versions and status.

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

References

CVSS Scores

version 3.1

Improper Initialization Affecting docker-bash-completion package, versions <19.03.1_ce-6.26.2

Severity

Based on SUSE Linux Enterprise Server security rating