- Vulnerability/
- USN-7161-2
USN-7161-2: Docker vulnerabilities
First published: Tue Feb 18 2025(Updated: )
USN-7161-1 fixed CVE-2024-29018 in Ubuntu 24.04 LTS. This update fixes it in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. USN-7161-1 fixed CVE-2024-41110 in Ubuntu 24.10, Ubuntu 24.04 LTS, and Ubuntu 18.04 LTS. This updates fixes it in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-29018) Cory Snider discovered that Docker did not properly handle authorization plugin request processing. An attacker could possibly use this issue to bypass authorization controls by forwarding API requests without their full body, leading to unauthorized actions. (CVE-2024-41110)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/docker.io | <26.1.3-0ubuntu1~22.04.1+esm1 | 26.1.3-0ubuntu1~22.04.1+esm1 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/docker.io | <26.1.3-0ubuntu1~20.04.1+esm1 | 26.1.3-0ubuntu1~20.04.1+esm1 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/docker.io | <20.10.21-0ubuntu1~18.04.3+esm2 | 20.10.21-0ubuntu1~18.04.3+esm2 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/docker.io | <18.09.7-0ubuntu1~16.04.9+esm2 | 18.09.7-0ubuntu1~16.04.9+esm2 |
| Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What vulnerabilities are addressed in USN-7161-2?
USN-7161-2 addresses CVE-2024-29018 and CVE-2024-41110 in multiple Ubuntu versions including 16.04, 18.04, 20.04, and 22.04.
How do I fix USN-7161-2?
To fix USN-7161-2, update the docker.io package to the specified versions for your Ubuntu release.
Which versions of Ubuntu are affected by USN-7161-2?
USN-7161-2 affects Ubuntu 16.04, 18.04, 20.04, and 22.04 LTS.
What is the severity of USN-7161-2?
The severity of USN-7161-2 is determined by the impact of CVE-2024-29018 and CVE-2024-41110, which can vary based on the specific configurations of the affected systems.
Is it mandatory to update for USN-7161-2?
While not mandatory, it is highly recommended to update to mitigate potential security risks associated with the vulnerabilities.
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/title
- agent/last-modified-date
- agent/source
- agent/description
- agent/type
- agent/references
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/22.04
- version/ubuntu/20.04
- version/ubuntu/18.04
- version/ubuntu/16.04