What is the severity of USN-7161-3?

The severity of USN-7161-3 is related to the vulnerability CVE-2024-41110, which impacts certain versions of the docker.io package in multiple Ubuntu releases.

How do I fix USN-7161-3?

To fix USN-7161-3, update the affected docker.io packages to the specified remedial versions for your Ubuntu distribution.

Which versions of Ubuntu are affected by USN-7161-3?

USN-7161-3 affects Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS, and 24.10.

What packages are impacted by USN-7161-3?

USN-7161-3 impacts the docker.io package and its related golang-github-docker-docker-dev packages in various versions.

Is there a public reference for USN-7161-3?

Yes, details about USN-7161-3 can be found in the official Ubuntu security notices.

Vulnerability/
USN-7161-3

15/4/2025

USN-7161-3: Docker vulnerability

First published: Tue Apr 15 2025(Updated: )

USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. This update fixes it for source package docker.io in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only address the docker library and not the docker.io application itself, which was already patched in the previous USNs (USN-7161-1 and USN-7161-2). Original advisory details: Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed for the source package docker.io-app in Ubuntu 24.04 LTS. (CVE-2024-29018) Cory Snider discovered that Docker did not properly handle authorization plugin request processing. An attacker could possibly use this issue to bypass authorization controls by forwarding API requests without their full body, leading to unauthorized actions. This issue was only addressed for the source package docker.io-app in Ubuntu 24.10 and Ubuntu 24.04 LTS, and the source package docker.io in Ubuntu 18.04 LTS. (CVE-2024-41110)

Affected Software	Affected Version	How to fix
All of
ubuntu/golang-github-docker-docker-dev	<26.1.4+dfsg2-1ubuntu1.1	26.1.4+dfsg2-1ubuntu1.1
Ubuntu	=24.10
All of
ubuntu/golang-github-docker-docker-dev	<20.10.25+dfsg1-2ubuntu1+esm1	20.10.25+dfsg1-2ubuntu1+esm1
Ubuntu	=24.04
All of
ubuntu/golang-github-docker-docker-dev	<20.10.21-0ubuntu1~22.04.7+esm1	20.10.21-0ubuntu1~22.04.7+esm1
Ubuntu	=22.04
All of
ubuntu/golang-github-docker-docker-dev	<20.10.21-0ubuntu1~20.04.6+esm1	20.10.21-0ubuntu1~20.04.6+esm1
Ubuntu	=20.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2024-41110

Frequently Asked Questions

What is the severity of USN-7161-3?
The severity of USN-7161-3 is related to the vulnerability CVE-2024-41110, which impacts certain versions of the docker.io package in multiple Ubuntu releases.
How do I fix USN-7161-3?
To fix USN-7161-3, update the affected docker.io packages to the specified remedial versions for your Ubuntu distribution.
Which versions of Ubuntu are affected by USN-7161-3?
USN-7161-3 affects Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS, and 24.10.
What packages are impacted by USN-7161-3?
USN-7161-3 impacts the docker.io package and its related golang-github-docker-docker-dev packages in various versions.
Is there a public reference for USN-7161-3?
Yes, details about USN-7161-3 can be found in the official Ubuntu security notices.

collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/last-modified-date
agent/references
agent/source
agent/softwarecombine
agent/description
agent/tags
agent/title
agent/first-publish-date
agent/type
agent/event
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/24.10
version/ubuntu/24.04
version/ubuntu/22.04
version/ubuntu/20.04