
====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN066
_____________________________________________________________________

DATE                : 03/02/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Docker Engine versions prior to
                      20.10.3 or 19.03.15.

=====================================================================
https://docs.docker.com/engine/release-notes/
https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
_____________________________________________________________________

Docker Engine release notes

This document describes the latest changes, additions, known issues, and
fixes for Docker Engine.

    Note: The client and container runtime are now in separate packages
    from the daemon in Docker Engine 18.09. Users should install and
    update all three packages at the same time to get the latest patch
    releases. For example, on Ubuntu:
        sudo apt install docker-ce docker-ce-cli containerd.io
    See the install instructions for the corresponding Linux distro for
    details.


Version 20.10
20.10.3

2021-02-01

Security

    CVE-2021-21285 Prevent an invalid image from crashing docker daemon
    CVE-2021-21284 Lock down file permissions to prevent remapped root
    from accessing docker state
    Ensure AppArmor and SELinux profiles are applied when building with
    BuildKit

Client

    Check contexts before importing them to reduce risk of extracted
    files escaping context store
    Windows: prevent executing certain binaries from current directory
    docker/cli#2950

_____________________________________________________________________


Severity
    moderate

Packages
    docker-ce

Affected versions
    < 19.03.15, < 20.10.3

Patched versions
    19.03.15, 20.10.3

CVE identifier
    CVE-2021-21285


Impact

Pulling an intentionally malformed Docker image manifest crashes the
dockerd daemon.


Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon
from crashing.


Credits

Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie
Cooley and Rory McCune for working on the vulnerability and Brad
Geesaman for responsibly disclosing it to security@docker.com.


Credits (GitHub accounts)

    @bgeesaman     Brad Geesaman
    @joshlarsen    Josh Larsen
    @IanColdwater  Ian Coldwater
    @mauilion      Duffie Cooley
    @raesene       Rory McCune
    @cpuguy83      Brian Goff

_____________________________________________________________________



Access to remapped root allows privilege escalation to real root
GHSA-7452-xqpj-6rpc, published by tiborvass on Feb 2, 2021

Severity
    low

Packages
    docker-ce

Affected versions
    < 19.03.15, < 20.10.3

Patched versions
    19.03.15, 20.10.3

CVE identifier
    CVE-2021-21284


Impact

When using --userns-remap, if the root user in the remapped namespace
has access to the host filesystem they can modify files under
/var/lib/docker/<remapping> that cause files to be written with
extended privileges.


Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent privilege
escalation from remapped user.
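A branch-aware version check for the affected ranges given in both advisories above (CVE-2021-21285 and CVE-2021-21284), added here as an example and not part of the CERT-Renater notice or of Docker's own tooling. It assumes the `docker` CLI is on PATH when run on a live host; the patched release numbers are those stated in the advisories.

```python
"""Check a Docker Engine version against the CVE-2021-21284 / CVE-2021-21285 fixes.
Patched releases per the advisories: 19.03.15 (19.03 branch), 20.10.3 (20.10 branch)."""
import re
import shutil
import subprocess

# Patched release keyed by (major, minor) branch, taken from the advisories above.
PATCHED = {
    (19, 3): (19, 3, 15),
    (20, 10): (20, 10, 3),
}
LATEST_FIX = (20, 10, 3)

def parse_version(text):
    """'20.10.3', '19.03.15', 'v20.10.3' or '20.10.3-ce' -> (20, 10, 3); None if unparseable."""
    match = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in match.groups()) if match else None

def is_affected(version):
    """True when `version` predates the fix on its own release branch.

    '< 19.03.15, < 20.10.3' must be read per branch: a plain numeric test against
    20.10.3 would wrongly flag the patched 19.03.15. Branches with no listed patch
    (e.g. 18.09) are compared against the newest fix instead.
    """
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised Docker Engine version: {version!r}")
    return parsed < PATCHED.get(parsed[:2], LATEST_FIX)

def local_engine_version():
    """Version string reported by the local daemon; None if docker is absent or down."""
    if shutil.which("docker") is None:
        return None
    try:
        result = subprocess.run(
            ["docker", "version", "--format", "{{.Server.Version}}"],
            capture_output=True, text=True, timeout=10, check=True)
    except (OSError, subprocess.SubprocessError):
        return None
    return result.stdout.strip() or None

if __name__ == "__main__":
    current = local_engine_version()
    if current is None:
        print("docker daemon not reachable; run this on a Docker host")
    else:
        verdict = "affected, upgrade to 19.03.15 / 20.10.3 or later" if is_affected(current) else "patched"
        print(f"Docker Engine {current}: {verdict}")
```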


Credits

Maintainers would like to thank Alex Chapman for discovering the
vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz,
@erin-jensby, @BassMatt, @mark-adams, @dbaxa for working on it and
Zac Ellis for responsibly disclosing it to security@docker.com.


Credits (GitHub accounts)

    @ajxchapman     Alex Chapman
    @awprice        Alex Price
    @nathanburrell
    @raulgomis      Raúl Gomis
    @chris-walz
    @mark-adams     Mark Adams
    @dbaxa          David Black
    @cpuguy83       Brian Goff



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================