Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 20.04 LTS: 5103-1 critical: docker.io permissions risk

ubuntu
Calendar Grey October 4, 2021
Dist Ubuntu Esm H88
A security flaw in Docker on Ubuntu impacts access rights. Ensure your system is updated to safeguard against internal threats.
Docker could be made to adjust the permissions of files.

Summary

Docker could be made to adjust the permissions of files.

Software Description:

- docker.io: Linux container runtime

Details:

Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in

Docker incorrectly allowed the docker cp command to make permissions

changes in the host filesystem in some situations. A local attacker

could possibly use to this to expose sensitive information or gain

administrative privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  docker.io                       20.10.7-0ubuntu1~21.04.2

Ubuntu 20.04 LTS:
  docker.io                       20.10.7-0ubuntu1~20.04.2

Ubuntu 18.04 LTS:
  docker.io                       20.10.7-0ubuntu1~18.04.2

Ubuntu 16.04 ESM:
  docker.io                       18.09.7-0ubuntu1~16.04.9+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5103-1

CVE-2021-41089

Severity
critical
Lowest
Low
Medium
High
Critical

October 04, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.