USN-5103-1

Source
https://ubuntu.com/security/notices/USN-5103-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5103-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5103-1
Published
2021-10-04T22:48:39.382089Z
Modified
2021-10-04T22:48:39.382089Z
Summary
docker.io vulnerability
Details

Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use this to expose sensitive information or gain administrative privileges.

References

Affected packages

Ubuntu:18.04:LTS / docker.io

Package

Name
docker.io

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.10.7-0ubuntu1~18.04.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "golang-docker-dev": "20.10.7-0ubuntu1~18.04.2",
            "docker.io": "20.10.7-0ubuntu1~18.04.2",
            "golang-github-docker-docker-dev": "20.10.7-0ubuntu1~18.04.2",
            "vim-syntax-docker": "20.10.7-0ubuntu1~18.04.2",
            "docker-doc": "20.10.7-0ubuntu1~18.04.2"
        }
    ]
}

Ubuntu:20.04:LTS / docker.io

Package

Name
docker.io

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.10.7-0ubuntu1~20.04.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "golang-docker-dev": "20.10.7-0ubuntu1~20.04.2",
            "docker.io": "20.10.7-0ubuntu1~20.04.2",
            "golang-github-docker-docker-dev": "20.10.7-0ubuntu1~20.04.2",
            "vim-syntax-docker": "20.10.7-0ubuntu1~20.04.2",
            "docker-doc": "20.10.7-0ubuntu1~20.04.2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / docker.io

Package

Name
docker.io

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
18.09.7-0ubuntu1~16.04.9+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "golang-docker-dev": "18.09.7-0ubuntu1~16.04.9+esm1",
            "docker.io": "18.09.7-0ubuntu1~16.04.9+esm1",
            "golang-github-docker-docker-dev": "18.09.7-0ubuntu1~16.04.9+esm1",
            "vim-syntax-docker": "18.09.7-0ubuntu1~16.04.9+esm1",
            "docker-doc": "18.09.7-0ubuntu1~16.04.9+esm1"
        }
    ]
}