UBUNTU-CVE-2021-41089
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2021-41089
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-41089.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-41089
- Related
- Published
- 2021-10-04T00:00:00Z
- Modified
- 2021-10-04T00:00:00Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using
docker cpinto a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. - References
Affected packages
Ubuntu:18.04:LTS / docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@20.10.7-0ubuntu1~18.04.2?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20.10.7-0ubuntu1~18.04.2
Affected versions
1.*
1.13.1-0ubuntu6
17.*
17.03.2-0ubuntu1
17.03.2-0ubuntu3
17.03.2-0ubuntu5
17.12.1-0ubuntu1
18.*
18.06.1-0ubuntu1~18.04.1
18.06.1-0ubuntu1.2~18.04.1
18.09.2-0ubuntu1~18.04.1
18.09.5-0ubuntu1~18.04.2
18.09.7-0ubuntu1~18.04.1
18.09.7-0ubuntu1~18.04.3
18.09.7-0ubuntu1~18.04.4
19.*
19.03.6-0ubuntu1~18.04.1
19.03.6-0ubuntu1~18.04.2
19.03.6-0ubuntu1~18.04.3
20.*
20.10.2-0ubuntu1~18.04.2
20.10.2-0ubuntu1~18.04.3
20.10.7-0ubuntu1~18.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"docker-doc": "20.10.7-0ubuntu1~18.04.2",
"docker.io": "20.10.7-0ubuntu1~18.04.2",
"golang-github-docker-docker-dev": "20.10.7-0ubuntu1~18.04.2",
"golang-docker-dev": "20.10.7-0ubuntu1~18.04.2",
"vim-syntax-docker": "20.10.7-0ubuntu1~18.04.2"
}
]
}
Ubuntu:20.04:LTS / docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@20.10.7-0ubuntu1~20.04.2?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20.10.7-0ubuntu1~20.04.2
Affected versions
19.*
19.03.2-0ubuntu1
19.03.6-0ubuntu1
19.03.8-0ubuntu1
19.03.8-0ubuntu1.20.04
19.03.8-0ubuntu1.20.04.1
19.03.8-0ubuntu1.20.04.2
20.*
20.10.2-0ubuntu1~20.04.2
20.10.2-0ubuntu1~20.04.3
20.10.7-0ubuntu1~20.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"docker-doc": "20.10.7-0ubuntu1~20.04.2",
"docker.io": "20.10.7-0ubuntu1~20.04.2",
"golang-github-docker-docker-dev": "20.10.7-0ubuntu1~20.04.2",
"golang-docker-dev": "20.10.7-0ubuntu1~20.04.2",
"vim-syntax-docker": "20.10.7-0ubuntu1~20.04.2"
}
]
}
Ubuntu:22.04:LTS / docker.io
Package
- Name
- docker.io
- Purl
- pkg:deb/ubuntu/docker.io@20.10.7-0ubuntu7?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20.10.7-0ubuntu7
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"docker-doc": "20.10.7-0ubuntu7",
"docker.io": "20.10.7-0ubuntu7",
"golang-github-docker-docker-dev": "20.10.7-0ubuntu7",
"golang-docker-dev": "20.10.7-0ubuntu7",
"vim-syntax-docker": "20.10.7-0ubuntu7"
}
]
}