 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2025.7474.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-7474-1) |
| Summary: | The remote host is missing an update for the 'docker.io' package(s) announced via the USN-7474-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'docker.io' package(s) announced via the USN-7474-1 advisory. Vulnerability Insight: Cory Snider discovered that Docker incorrectly handled networking packet encapsulation. An attacker could use this issue to inject internet packets in established connection, possibly causing a denial of service or bypassing firewall protections. This issue only affected Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842) Rory McNamara discovered that Docker incorrectly handled cache in the BuildKit toolkit. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-23651) It was discovered that Docker incorrectly handled parallel operations in some circumstances, which could possibly lead to undefined behavior. (CVE-2024-36621, CVE-2024-36623) Rory McNamara discovered that Docker incorrectly verified file paths during a certain command in the BuildKit toolkit. An attacker could possibly use this issue to delete arbitrary files from the system. (CVE-2024-23652) Affected Software/OS: 'docker.io' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04. Solution: Please install the updated package(s). CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-28840 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 https://github.com/moby/moby/issues/43382 https://github.com/moby/moby/pull/45118 https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237 https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw Common Vulnerability Exposure (CVE) ID: CVE-2023-28841 https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207 Common Vulnerability Exposure (CVE) ID: CVE-2023-28842 Common Vulnerability Exposure (CVE) ID: CVE-2024-23651 https://github.com/moby/buildkit/pull/4604 https://github.com/moby/buildkit/releases/tag/v0.12.5 https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv Common Vulnerability Exposure (CVE) ID: CVE-2024-23652 https://github.com/moby/buildkit/pull/4603 https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8 Common Vulnerability Exposure (CVE) ID: CVE-2024-36621 Common Vulnerability Exposure (CVE) ID: CVE-2024-36623 |
| Copyright | Copyright (C) 2025 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |