USN-7161-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7161-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7161-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-7161-1

Related

Published

2024-12-16T13:56:40.586561Z

Modified

2024-12-16T13:56:40.586561Z

Summary

Docker vulnerabilities

Details

Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-29018)

Cory Snider discovered that Docker did not properly handle authorization plugin request processing. An attacker could possibly use this issue to bypass authorization controls by forwarding API requests without their full body, leading to unauthorized actions. (CVE-2024-41110)

References

Affected packages

Ubuntu:Pro:18.04:LTS / docker.io

Package

Name: docker.io
Purl: pkg:deb/ubuntu/docker.io?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.10.21-0ubuntu1~18.04.3+esm1

Affected versions

1.*

1.13.1-0ubuntu6

17.*

17.03.2-0ubuntu1

17.03.2-0ubuntu3

17.03.2-0ubuntu5

17.12.1-0ubuntu1

18.*

18.06.1-0ubuntu1~18.04.1

18.06.1-0ubuntu1.2~18.04.1

18.09.2-0ubuntu1~18.04.1

18.09.5-0ubuntu1~18.04.2

18.09.7-0ubuntu1~18.04.1

18.09.7-0ubuntu1~18.04.3

18.09.7-0ubuntu1~18.04.4

19.*

19.03.6-0ubuntu1~18.04.1

19.03.6-0ubuntu1~18.04.2

19.03.6-0ubuntu1~18.04.3

20.*

20.10.2-0ubuntu1~18.04.2

20.10.2-0ubuntu1~18.04.3

20.10.7-0ubuntu1~18.04.1

20.10.7-0ubuntu1~18.04.2

20.10.7-0ubuntu5~18.04.2

20.10.7-0ubuntu5~18.04.3

20.10.12-0ubuntu2~18.04.1

20.10.21-0ubuntu1~18.04.2

20.10.21-0ubuntu1~18.04.3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "20.10.21-0ubuntu1~18.04.3+esm1",
            "binary_name": "docker-doc"
        },
        {
            "binary_version": "20.10.21-0ubuntu1~18.04.3+esm1",
            "binary_name": "docker.io"
        },
        {
            "binary_version": "20.10.21-0ubuntu1~18.04.3+esm1",
            "binary_name": "golang-docker-dev"
        },
        {
            "binary_version": "20.10.21-0ubuntu1~18.04.3+esm1",
            "binary_name": "golang-github-docker-docker-dev"
        },
        {
            "binary_version": "20.10.21-0ubuntu1~18.04.3+esm1",
            "binary_name": "vim-syntax-docker"
        }
    ]
}

Ubuntu:24.10 / docker.io-app

Package

Name: docker.io-app
Purl: pkg:deb/ubuntu/docker.io-app?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

26.1.3-0ubuntu1.1

Affected versions

24.*

24.0.7-0ubuntu4

26.*

26.1.3-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "26.1.3-0ubuntu1.1",
            "binary_name": "docker-doc"
        },
        {
            "binary_version": "26.1.3-0ubuntu1.1",
            "binary_name": "docker.io"
        },
        {
            "binary_version": "26.1.3-0ubuntu1.1",
            "binary_name": "docker.io-dbgsym"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / docker.io-app

Package

Name: docker.io-app
Purl: pkg:deb/ubuntu/docker.io-app?arch=src?distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

26.1.3-0ubuntu1~24.04.1+esm1

Affected versions

24.*

24.0.5-0ubuntu1

24.0.7-0ubuntu1

24.0.7-0ubuntu2

24.0.7-0ubuntu3

24.0.7-0ubuntu4

24.0.7-0ubuntu4.1

26.*

26.1.3-0ubuntu1~24.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "26.1.3-0ubuntu1~24.04.1+esm1",
            "binary_name": "docker-doc"
        },
        {
            "binary_version": "26.1.3-0ubuntu1~24.04.1+esm1",
            "binary_name": "docker.io"
        },
        {
            "binary_version": "26.1.3-0ubuntu1~24.04.1+esm1",
            "binary_name": "docker.io-dbgsym"
        }
    ]
}