USN-7161-3

Source
https://ubuntu.com/security/notices/USN-7161-3
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7161-3.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7161-3
Published
2025-04-15T14:05:08.175787Z
Modified
2025-04-15T14:05:08.175787Z
Summary
Docker vulnerability
Details

USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. This update fixes it for source package docker.io in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only address the docker library and not the docker.io application itself, which was already patched in the previous USNs (USN-7161-1 and USN-7161-2).

Original advisory details:

Yair Zak discovered that Docker could forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed for the source package docker.io-app in Ubuntu 24.04 LTS. (CVE-2024-29018)

Cory Snider discovered that Docker did not properly handle authorization plugin request processing. An attacker could possibly use this issue to bypass authorization controls by forwarding API requests without their full body, leading to unauthorized actions. This issue was only addressed for the source package docker.io-app in Ubuntu 24.10 and Ubuntu 24.04 LTS, and the source package docker.io in Ubuntu 18.04 LTS. (CVE-2024-41110)

Affected packages

Ubuntu:Pro:20.04:LTS / docker.io

Package

Name
docker.io
Purl
pkg:deb/ubuntu/docker.io@20.10.21-0ubuntu1~20.04.6+esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.10.21-0ubuntu1~20.04.6+esm1

Affected versions

19.*

19.03.2-0ubuntu1
19.03.6-0ubuntu1
19.03.8-0ubuntu1
19.03.8-0ubuntu1.20.04
19.03.8-0ubuntu1.20.04.1
19.03.8-0ubuntu1.20.04.2

20.*

20.10.2-0ubuntu1~20.04.2
20.10.2-0ubuntu1~20.04.3
20.10.7-0ubuntu1~20.04.1
20.10.7-0ubuntu1~20.04.2
20.10.7-0ubuntu5~20.04.1
20.10.7-0ubuntu5~20.04.2
20.10.12-0ubuntu2~20.04.1
20.10.21-0ubuntu1~20.04.1
20.10.21-0ubuntu1~20.04.2
20.10.21-0ubuntu1~20.04.4
20.10.21-0ubuntu1~20.04.5
20.10.21-0ubuntu1~20.04.6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "20.10.21-0ubuntu1~20.04.6+esm1",
            "binary_name": "golang-docker-dev"
        },
        {
            "binary_version": "20.10.21-0ubuntu1~20.04.6+esm1",
            "binary_name": "golang-github-docker-docker-dev"
        },
        {
            "binary_version": "20.10.21-0ubuntu1~20.04.6+esm1",
            "binary_name": "vim-syntax-docker"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / docker.io

Package

Name
docker.io
Purl
pkg:deb/ubuntu/docker.io@20.10.21-0ubuntu1~22.04.7+esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.10.21-0ubuntu1~22.04.7+esm1

Affected versions

20.*

20.10.7-0ubuntu5
20.10.7-0ubuntu7
20.10.12-0ubuntu1
20.10.12-0ubuntu2
20.10.12-0ubuntu3
20.10.12-0ubuntu3+gke1.24.1
20.10.12-0ubuntu4
20.10.21-0ubuntu1~22.04.2
20.10.21-0ubuntu1~22.04.3
20.10.21-0ubuntu1~22.04.5
20.10.21-0ubuntu1~22.04.6
20.10.21-0ubuntu1~22.04.7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "20.10.21-0ubuntu1~22.04.7+esm1",
            "binary_name": "golang-docker-dev"
        },
        {
            "binary_version": "20.10.21-0ubuntu1~22.04.7+esm1",
            "binary_name": "golang-github-docker-docker-dev"
        },
        {
            "binary_version": "20.10.21-0ubuntu1~22.04.7+esm1",
            "binary_name": "vim-syntax-docker"
        }
    ]
}

Ubuntu:24.10 / docker.io

Package

Name
docker.io
Purl
pkg:deb/ubuntu/docker.io@26.1.4+dfsg2-1ubuntu1.1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
26.1.4+dfsg2-1ubuntu1.1

Affected versions

20.*

20.10.25+dfsg1-2ubuntu1
20.10.25+dfsg1-3ubuntu1

26.*

26.1.4+dfsg2-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "26.1.4+dfsg2-1ubuntu1.1",
            "binary_name": "golang-github-docker-docker-dev"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / docker.io

Package

Name
docker.io
Purl
pkg:deb/ubuntu/docker.io@20.10.25+dfsg1-2ubuntu1+esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.10.25+dfsg1-2ubuntu1+esm1

Affected versions

20.*

20.10.24+dfsg1-1ubuntu2
20.10.25+dfsg1-2ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "20.10.25+dfsg1-2ubuntu1+esm1",
            "binary_name": "golang-github-docker-docker-dev"
        }
    ]
}