[USN-5103-1] docker.io vulnerability

Steve Beattie steve.beattie at canonical.com
Tue Oct 5 00:08:14 UTC 2021

Ubuntu Security Notice USN-5103-1
October 04, 2021

docker.io vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM


Docker could be made to adjust the permissions of files.

Software Description:
- docker.io: Linux container runtime


Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in
Docker incorrectly allowed the docker cp command to make permissions
changes in the host filesystem in some situations. A local attacker
could possibly use to this to expose sensitive information or gain
administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  docker.io                       20.10.7-0ubuntu1~21.04.2

Ubuntu 20.04 LTS:
  docker.io                       20.10.7-0ubuntu1~20.04.2

Ubuntu 18.04 LTS:
  docker.io                       20.10.7-0ubuntu1~18.04.2

Ubuntu 16.04 ESM:
  docker.io                       18.09.7-0ubuntu1~16.04.9+esm1

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20211004/36f69902/attachment.sig>

More information about the ubuntu-security-announce mailing list