Package "docker.io"
| Name: |
docker.io
|
Description: |
Linux container runtime
|
| Latest version: |
29.1.3-0ubuntu4.1 |
| Release: |
resolute (26.04) |
| Level: |
updates |
| Repository: |
universe |
| Head package: |
docker.io-app |
| Homepage: |
https://mobyproject.org/ |
Links
Download "docker.io"
Other versions of "docker.io" in Resolute
Changelog
|
docker.io-app (29.1.3-0ubuntu4.1) resolute-security; urgency=medium
* SECURITY UPDATE: BuildKit path traversal
- debian/patches/CVE-2026-33747_1.patch: Validate container IDs centrally
in engine/vendor/.../buildkit/executor/containerdexecutor/executor.go,
engine/vendor/.../buildkit/executor/containerid.go,
engine/vendor/.../buildkit/executor/runcexecutor/executor.go.
- debian/patches/CVE-2026-33747_2.patch: Sanitize downloaded filenames in
engine/vendor/.../buildkit/source/http/source.go.
- debian/patches/CVE-2026-33747_3.patch: Use os.Root for saved file
operations in engine/vendor/.../buildkit/source/http/source.go.
- CVE-2026-33747
* SECURITY UPDATE: BuildKit path traversal
- debian/patches/CVE-2026-33748_1.patch: Harden ref arg handling in
engine/vendor/.../buildkit/source/git/source.go.
- debian/patches/CVE-2026-33748_2.patch: Normalize and validate subdir
paths in engine/vendor/.../buildkit/client/llb/source.go,
engine/vendor/.../buildkit/source/git/identifier.go,
engine/vendor/.../buildkit/source/git/source.go,
engine/vendor/.../buildkit/util/gitutil/git_url.go.
- CVE-2026-33748
-- Edwin Jiang <email address hidden> Wed, 29 Apr 2026 12:40:20 -0400
|
| CVE-2026-33747 |
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when |
| CVE-2026-33748 |
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insuf |
|
About
-
Send Feedback to @ubuntu_updates
