[ubuntu/bionic-security] docker.io 20.10.7-0ubuntu5~18.04.3 (Accepted)

Ray Veldkamp ray.veldkamp at canonical.com
Mon Nov 8 04:41:47 UTC 2021

docker.io (20.10.7-0ubuntu5~18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: docker cli information disclosure on misconfiguration
    - d/p/CVE-2021-41092.patch: Ensure that default authentication config
      has an address.
    - CVE-2021-41092

docker.io (20.10.7-0ubuntu5~18.04.2) bionic; urgency=medium

  * d/t/control: make basic-smoke not depend on debian-archive-keyring.
    In Bionic, when debian-archive-keyring is installed we are not able to
    debootstrap a Debian stable chroot. Removing this dependency makes it
    work again.

docker.io (20.10.7-0ubuntu5~18.04.1) bionic; urgency=medium

  * Backport version 20.10.7-0ubuntu5 from Impish (LP: #1938908).
    - d/control: do not b-d on libbtrfs-dev, it is not available in Bionic.

docker.io (20.10.7-0ubuntu5) impish; urgency=medium

  [ Sergio Durigan Junior ]
  * d/t/docker-in-lxd:
    Improve dep8 test.  Make it run a more complex test against an
    ubuntu:devel docker container, especially because glibc updates might
    break docker.io.  Improve test reliability when running autopkgtest

  [ Steve Beattie ]
  * SECURITY UPDATE: insufficiently restricted directory permissions
    - d/p/CVE-2021-41091.patch: Lock down docker root dir perms.
    - CVE-2021-41091
  * SECURITY UPDATE: permissions modifications outside of install directory
    - d/p/CVE-2021-41089.patch: chrootarchive: don't create parent dirs
      outside of chroot.
    - CVE-2021-41089

docker.io (20.10.7-0ubuntu4) impish; urgency=medium

  * d/p/seccomp-add-support-for-clone3-syscall-in-default-policy.patch: Fix
    failure with new glibc clone3 syscall adding it to the default seccomp
    policy (LP: #1943049).

docker.io (20.10.7-0ubuntu3) impish; urgency=medium

  * d/t/docker-in-lxd:
    Perform a full upgrade and restart of the container before attempting
    to install docker.io. (LP: #1942276)

docker.io (20.10.7-0ubuntu2) impish; urgency=medium

  * Ship libnetwork into the golang-github-docker-docker-dev package.
    - d/golang-github-docker-docker-dev.install: add libnetwork directories.
    - d/control: add runtime dependency on golang-github-ishidawataru-sctp-dev

docker.io (20.10.7-0ubuntu1) impish; urgency=medium

  * New upstream release.
    - Among new features and bug fixes, CVE-2021-21284 and CVE-2021-21285
      were addressed.
  * d/watch: adjust regex to correctly match the tarball files.
  * d/rules: make some improvements.
    - Adjust regex in the build-manpages target due to some upstream changes.
    - Separately install the systemd service and socket.
    - Tell dh_installsystemd to not stop the service during the upgrade.
      The previous implementation worked fine until debhelper compat 10 where
      dh_systemd_start was still a thing. In compat 11, it was deprecated
      which means that piece of code was not called.

Date: 2021-11-01 00:52:09.288871+00:00
Changed-By: Ray Veldkamp <ray.veldkamp at canonical.com>