Tuesday, October 5, 2021

Ubuntu Security Notice USN-5103-1

Ubuntu Security Notice USN-5103-1
October 04, 2021

docker.io vulnerability
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM


Docker could be made to adjust the permissions of files.

Software Description:
- docker.io: Linux container runtime


Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in
Docker incorrectly allowed the docker cp command to make permissions
changes in the host filesystem in some situations. A local attacker
could possibly use to this to expose sensitive information or gain
administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
docker.io 20.10.7-0ubuntu1~21.04.2

Ubuntu 20.04 LTS:
docker.io 20.10.7-0ubuntu1~20.04.2

Ubuntu 18.04 LTS:
docker.io 20.10.7-0ubuntu1~18.04.2

Ubuntu 16.04 ESM:
docker.io 18.09.7-0ubuntu1~16.04.9+esm1

In general, a standard system update will make all the necessary changes.


Package Information:

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore