==========================================================================
Ubuntu Security Notice USN-7474-1
May 01, 2025

docker.io vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Docker.

Software Description:
- docker.io: reusable Go packages included with Docker

Details:

Cory Snider discovered that Docker incorrectly handled networking packet
encapsulation. An attacker could use this issue to inject internet packets
into an established connection, possibly causing a denial of service or
bypassing firewall protections. This issue only affected Ubuntu 22.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-28840, CVE-2023-28841,
CVE-2023-28842)

Rory McNamara discovered that Docker incorrectly handled cache in the
BuildKit toolkit. An attacker could possibly use this issue to expose
sensitive information. (CVE-2024-23651)

It was discovered that Docker incorrectly handled parallel operations in
some circumstances, which could possibly lead to undefined behavior.
(CVE-2024-36621, CVE-2024-36623)

Rory McNamara discovered that Docker incorrectly verified file paths
during a certain command in the BuildKit toolkit. An attacker could
possibly use this issue to delete arbitrary files from the system.
(CVE-2024-23652)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  golang-github-docker-docker-dev  20.10.25+dfsg1-2ubuntu1+esm2
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
  golang-github-docker-docker-dev  20.10.21-0ubuntu1~22.04.7+esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
  golang-github-docker-docker-dev  20.10.21-0ubuntu1~20.04.6+esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
  docker.io                        20.10.21-0ubuntu1~18.04.3+esm3
                                   Available with Ubuntu Pro
  golang-github-docker-docker-dev  20.10.21-0ubuntu1~18.04.3+esm3
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7474-1
  CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2024-23651,
  CVE-2024-23652, CVE-2024-36621, CVE-2024-36623
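
Added example (not part of the advisory): a fleet-audit helper that flags hosts still below the fixed versions listed under "Update instructions". It assumes input in the default `dpkg-query -W` form (package, whitespace, version) and reimplements Debian version ordering itself rather than calling dpkg; the names deb_cmp, unpatched and SAMPLE are this example's own.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the USN-7474-1 table, keyed by Ubuntu release.
DEV = "golang-github-docker-docker-dev"
FIXED = {
    "24.04": {DEV: "20.10.25+dfsg1-2ubuntu1+esm2"},
    "22.04": {DEV: "20.10.21-0ubuntu1~22.04.7+esm2"},
    "20.04": {DEV: "20.10.21-0ubuntu1~20.04.6+esm2"},
    "18.04": {"docker.io": "20.10.21-0ubuntu1~18.04.3+esm3",
              DEV: "20.10.21-0ubuntu1~18.04.3+esm3"},
}

# Constructed sample input for a 22.04 host (versions here are illustrative).
SAMPLE = DEV + "\t20.10.21-0ubuntu1~22.04.7\nexample-pkg\t1.0-1\n"

def _order(c):
    # Debian ordering: '~' < end of string (0) < letters < everything else.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _key(s):
    # One ([char ranks..., 0], number) pair per non-digit/digit run pair.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", s) if nd or d]

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 comparing two Debian version strings."""
    def fields(v):
        # [epoch:]upstream[-revision]; a missing epoch counts as 0.
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        return [epoch, *(rest.rsplit("-", 1) if "-" in rest else (rest, ""))]
    for a, b in zip(fields(v1), fields(v2)):
        # An exhausted side is padded with an "end of string, 0" pair.
        for x, y in zip_longest(_key(a), _key(b), fillvalue=([0], 0)):
            if x != y:
                return -1 if x < y else 1
    return 0

def unpatched(release, dpkg_lines):
    """Return {package: installed} for packages older than the fixed version."""
    found = {}
    rows = (l.split() for l in dpkg_lines.splitlines() if len(l.split()) == 2)
    for name, ver in rows:
        name = name.split(":")[0]  # drop an arch qualifier such as ":amd64"
        fixed = FIXED.get(release, {}).get(name)
        if fixed and deb_cmp(ver, fixed) < 0:
            found[name] = ver
    return found
```

A plain string comparison would misorder these versions because of the "~" and "+esm" suffixes, which is why the comparator follows Debian's rules.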