Several security issues were fixed in Docker.
Software Description:
- docker.io: reusable Go packages included with Docker
Details:
Cory Snider discovered that Docker incorrectly handled networking packet
encapsulation. An attacker could use this issue to inject internet
packets in established connection, possibly causing a denial of service or
bypassing firewall protections. This issue only affected Ubuntu 22.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-28840, CVE-2023-28841,
CVE-2023-28842)
Rory McNamara discovered that Docker incorrectly handled cache in the
BuildKit toolkit. An attacker could possibly use this issue to expose
sensitive information. (CVE-2024-23651)
It was discovered that Docker incorrectly handled parallel operations in
some circumstances, which could possibly lead to undefined behavior.
(CVE-2024-36621, CVE-2024-36623)
Rory McNamara discovered that Docker incorrectly verified file paths during
a certain command in the...
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS golang-github-docker-docker-dev 20.10.25+dfsg1-2ubuntu1+esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS golang-github-docker-docker-dev 20.10.21-0ubuntu1~22.04.7+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS golang-github-docker-docker-dev 20.10.21-0ubuntu1~20.04.6+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS docker.io 20.10.21-0ubuntu1~18.04.3+esm3 Available with Ubuntu Pro golang-github-docker-docker-dev 20.10.21-0ubuntu1~18.04.3+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7474-1
CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2024-23651,
CVE-2024-23652, CVE-2024-36621, CVE-2024-36623
Get the latest Linux and open source security news straight to your inbox.