
Ubuntu 24.04 LTS: USN-7474-1 critical: Docker Multiple Issues

ubuntu
May 1, 2025
Critical security advisory for Docker operating on Ubuntu addressing multiple weaknesses impacting overall software functionality.

Summary

Several security issues were fixed in Docker.

Software Description:

- docker.io: reusable Go packages included with Docker

Details:

Cory Snider discovered that Docker incorrectly handled networking packet
encapsulation. An attacker could use this issue to inject internet
packets into established connections, possibly causing a denial of service
or bypassing firewall protections. This issue only affected Ubuntu 22.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-28840, CVE-2023-28841,
CVE-2023-28842)

Rory McNamara discovered that Docker incorrectly handled cache in the
BuildKit toolkit. An attacker could possibly use this issue to expose
sensitive information. (CVE-2024-23651)

It was discovered that Docker incorrectly handled parallel operations in
some circumstances, which could possibly lead to undefined behavior.
(CVE-2024-36621, CVE-2024-36623)

Rory McNamara discovered that Docker incorrectly verified file paths during
a certain command in the...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   golang-github-docker-docker-dev  20.10.25+dfsg1-2ubuntu1+esm2
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   golang-github-docker-docker-dev  20.10.21-0ubuntu1~22.04.7+esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   golang-github-docker-docker-dev  20.10.21-0ubuntu1~20.04.6+esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   docker.io                       20.10.21-0ubuntu1~18.04.3+esm3
                                   Available with Ubuntu Pro
   golang-github-docker-docker-dev  20.10.21-0ubuntu1~18.04.3+esm3
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7474-1

  CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2024-23651,
  CVE-2024-23652, CVE-2024-36621, CVE-2024-36623

Severity
critical

Ubuntu Security Notice USN-7474-1
