USN-5103-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5103-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5103-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5103-1

Related

Published

2021-10-04T22:48:39.382089Z

Modified

2021-10-04T22:48:39.382089Z

Summary

docker.io vulnerability

Details

Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use to this to expose sensitive information or gain administrative privileges.

References

Affected packages

Ubuntu:Pro:16.04:LTS / docker.io

Package

Name: docker.io
Purl: pkg:deb/ubuntu/docker.io?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.09.7-0ubuntu1~16.04.9+esm1

Affected versions

1.*

1.6.2~dfsg1-1ubuntu4

1.10.2-0ubuntu3

1.10.2-0ubuntu4

1.10.3-0ubuntu1

1.10.3-0ubuntu4

1.10.3-0ubuntu5

1.10.3-0ubuntu6

1.11.2-0ubuntu5~16.04

1.12.1-0ubuntu13~16.04.1

1.12.3-0ubuntu4~16.04.2

1.12.6-0ubuntu1~16.04.1

1.13.1-0ubuntu1~16.04.2

17.*

17.03.2-0ubuntu2~16.04.1

18.*

18.06.1-0ubuntu1~16.04.2

18.06.1-0ubuntu1.2~16.04.1

18.09.2-0ubuntu1~16.04.1

18.09.5-0ubuntu1~16.04.2

18.09.7-0ubuntu1~16.04.1

18.09.7-0ubuntu1~16.04.4

18.09.7-0ubuntu1~16.04.5

18.09.7-0ubuntu1~16.04.6

18.09.7-0ubuntu1~16.04.7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "18.09.7-0ubuntu1~16.04.9+esm1",
            "binary_name": "docker-doc"
        },
        {
            "binary_version": "18.09.7-0ubuntu1~16.04.9+esm1",
            "binary_name": "docker.io"
        },
        {
            "binary_version": "18.09.7-0ubuntu1~16.04.9+esm1",
            "binary_name": "golang-docker-dev"
        },
        {
            "binary_version": "18.09.7-0ubuntu1~16.04.9+esm1",
            "binary_name": "golang-github-docker-docker-dev"
        },
        {
            "binary_version": "18.09.7-0ubuntu1~16.04.9+esm1",
            "binary_name": "vim-syntax-docker"
        }
    ]
}

Ubuntu:18.04:LTS / docker.io

Package

Name: docker.io
Purl: pkg:deb/ubuntu/docker.io?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.10.7-0ubuntu1~18.04.2

Affected versions

1.*

1.13.1-0ubuntu6

17.*

17.03.2-0ubuntu1

17.03.2-0ubuntu3

17.03.2-0ubuntu5

17.12.1-0ubuntu1

18.*

18.06.1-0ubuntu1~18.04.1

18.06.1-0ubuntu1.2~18.04.1

18.09.2-0ubuntu1~18.04.1

18.09.5-0ubuntu1~18.04.2

18.09.7-0ubuntu1~18.04.1

18.09.7-0ubuntu1~18.04.3

18.09.7-0ubuntu1~18.04.4

19.*

19.03.6-0ubuntu1~18.04.1

19.03.6-0ubuntu1~18.04.2

19.03.6-0ubuntu1~18.04.3

20.*

20.10.2-0ubuntu1~18.04.2

20.10.2-0ubuntu1~18.04.3

20.10.7-0ubuntu1~18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "20.10.7-0ubuntu1~18.04.2",
            "binary_name": "docker-doc"
        },
        {
            "binary_version": "20.10.7-0ubuntu1~18.04.2",
            "binary_name": "docker.io"
        },
        {
            "binary_version": "20.10.7-0ubuntu1~18.04.2",
            "binary_name": "golang-docker-dev"
        },
        {
            "binary_version": "20.10.7-0ubuntu1~18.04.2",
            "binary_name": "golang-github-docker-docker-dev"
        },
        {
            "binary_version": "20.10.7-0ubuntu1~18.04.2",
            "binary_name": "vim-syntax-docker"
        }
    ]
}

Ubuntu:20.04:LTS / docker.io

Package

Name: docker.io
Purl: pkg:deb/ubuntu/docker.io?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.10.7-0ubuntu1~20.04.2

Affected versions

19.*

19.03.2-0ubuntu1

19.03.6-0ubuntu1

19.03.8-0ubuntu1

19.03.8-0ubuntu1.20.04

19.03.8-0ubuntu1.20.04.1

19.03.8-0ubuntu1.20.04.2

20.*

20.10.2-0ubuntu1~20.04.2

20.10.2-0ubuntu1~20.04.3

20.10.7-0ubuntu1~20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "20.10.7-0ubuntu1~20.04.2",
            "binary_name": "docker-doc"
        },
        {
            "binary_version": "20.10.7-0ubuntu1~20.04.2",
            "binary_name": "docker.io"
        },
        {
            "binary_version": "20.10.7-0ubuntu1~20.04.2",
            "binary_name": "golang-docker-dev"
        },
        {
            "binary_version": "20.10.7-0ubuntu1~20.04.2",
            "binary_name": "golang-github-docker-docker-dev"
        },
        {
            "binary_version": "20.10.7-0ubuntu1~20.04.2",
            "binary_name": "vim-syntax-docker"
        }
    ]
}