Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 24.10: USN-7161-3 critical: docker unauthorized access

ubuntu
Calendar Grey April 15, 2025
Dist Ubuntu Esm H88
The Docker service on Ubuntu may inadvertently permit network connectivity. There are updates released for multiple versions of Ubuntu.
docker.io could allow unintended access to network services

Summary

docker.io could allow unintended access to network services

Software Description:

- docker.io: reusable Go packages included with Docker

Details:

USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package

docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in

Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.

This update fixes it for source package docker.io in Ubuntu 20.04 LTS,

Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only

address the docker library and not the docker.io application itself, which

was already patched in the previous USNs (USN-7161-1 and USN-7161-2).

Original advisory details:

 Yair Zak discovered that Docker could unexpectedly forward DNS requests

 from internal networks in an unexpected manner. An attacker could possibly

 use this issue to exfiltrate data by encoding information in DNS queries

 to controlled nameservers. This issue was only addressed for the sou...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   golang-github-docker-docker-dev  26.1.4+dfsg2-1ubuntu1.1

Ubuntu 24.04 LTS
   golang-github-docker-docker-dev  20.10.25+dfsg1-2ubuntu1+esm1
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   golang-github-docker-docker-dev  20.10.21-0ubuntu1~22.04.7+esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   golang-github-docker-docker-dev  20.10.21-0ubuntu1~20.04.6+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7161-3

  https://ubuntu.com/security/notices/USN-7161-2

  https://ubuntu.com/security/notices/USN-7161-1

  CVE-2024-41110

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7161-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here