Docker Registry in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. Upstream patch: https://github.com/docker/distribution/commit/29fa466debaabb64f8559116bbffd20a289d523c References: https://github.com/docker/distribution/releases/tag/v2.6.2
Created docker-distribution tracking bugs for this issue: Affects: fedora-all [bug 1474894]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2017:2603 https://access.redhat.com/errata/RHSA-2017:2603