OESA-2022-1936

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1936

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-1936.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2022-1936

Upstream

CVE-2022-36109

Published

2022-09-23T11:04:19Z

Modified

2025-08-12T05:14:28.161629Z

Summary

docker security update

Details

Docker is an open source project to build, ship and run any application as a lightweight container.

Security Fix(es):

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the "USER $USERNAME" Dockerfile instruction. Instead by calling ENTRYPOINT ["su", "-", "user"] the supplementary groups will be set up properly.(CVE-2022-36109)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / docker

Package

Name: docker
Purl: pkg:rpm/openEuler/docker&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

engine-18.09.0-243.oe1

Ecosystem specific

{
    "x86_64": [
        "docker-engine-18.09.0-243.oe1.x86_64.rpm"
    ],
    "src": [
        "docker-engine-18.09.0-243.oe1.src.rpm"
    ],
    "aarch64": [
        "docker-engine-18.09.0-243.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / docker

Package

Name: docker
Purl: pkg:rpm/openEuler/docker&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

engine-18.09.0-243.oe1

Ecosystem specific

{
    "x86_64": [
        "docker-engine-18.09.0-243.oe1.x86_64.rpm"
    ],
    "src": [
        "docker-engine-18.09.0-243.oe1.src.rpm"
    ],
    "aarch64": [
        "docker-engine-18.09.0-243.oe1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS / docker

Package

Name: docker
Purl: pkg:rpm/openEuler/docker&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

engine-18.09.0-310.oe2203

Ecosystem specific

{
    "x86_64": [
        "docker-engine-18.09.0-310.oe2203.x86_64.rpm",
        "docker-engine-debuginfo-18.09.0-310.oe2203.x86_64.rpm",
        "docker-engine-debugsource-18.09.0-310.oe2203.x86_64.rpm"
    ],
    "src": [
        "docker-engine-18.09.0-310.oe2203.src.rpm"
    ],
    "aarch64": [
        "docker-engine-18.09.0-310.oe2203.aarch64.rpm",
        "docker-engine-debugsource-18.09.0-310.oe2203.aarch64.rpm",
        "docker-engine-debuginfo-18.09.0-310.oe2203.aarch64.rpm"
    ]
}