Lack of content verification in Docker allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. References: https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/ Upstream issue: https://github.com/moby/moby/issues/35075
Created docker tracking bugs for this issue: Affects: fedora-all [bug 1510351] Created docker-latest tracking bugs for this issue: Affects: fedora-all [bug 1510352]
CVE fix back ported to all docker branches, moving to POST for rebuild