{"id":"MGASA-2021-0531","summary":"Updated docker-containerd packages fix security vulnerability","details":"The OCI Distribution Spec project defines an API protocol to facilitate\nand standardize the distribution of content. In the OCI Distribution\nSpecification version 1.0.0 and prior, the Content-Type header alone was\nused to determine the type of document during push and pull operations.\nDocuments that contain both \"manifests\" and \"layers\" fields could be\ninterpreted as either a manifest or an index in the absence of an\naccompanying Content-Type header. If a Content-Type header changed between\ntwo pulls of the same digest, a client may interpret the resulting content\ndifferently. The OCI Distribution Specification has been updated to require\nthat a mediaType value present in a manifest or index match the\nContent-Type header used during the push and pull operations. Clients\npulling from a registry may distrust the Content-Type header and reject an\nambiguous document that contains both \"manifests\" and \"layers\" fields or\n\"manifests\" and \"config\" fields if they are unable to update to version\n1.0.1 of the spec.\n","modified":"2026-04-16T04:43:47.976990611Z","published":"2021-12-02T16:49:28Z","upstream":["CVE-2021-41190"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0531.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29669"},{"type":"ADVISORY","url":"https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42"}],"affected":[{"package":{"name":"docker-containerd","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/docker-containerd?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.8-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0531.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}