Docker Engine 29.6.1 addresses security vulnerabilities and updates components
Docker Engine 29.6.1 is a patch release that addresses multiple security vulnerabilities, including issues with memory consumption and build container security protections. It also includes updates to core components like containerd and BuildKit. This release is recommended for all users, especially those concerned with security and stability.
Security (2) ›
A malicious image could supply a malicious /etc/passwd or /etc/group-style file causing excessive memory consumption, potentially resulting in process termination due to Out Of Memory (OOM) conditions. GHSA-mjcv-p78q-w5fw, GHSA-jpcc-p29g-p8mq, GHSA-72x6-4j93-7w86
A custom frontend could send a crafted build request that disabled Seccomp and AppArmor protections for the build container, even if the user did not explicitly allow the security.insecure entitlement. Other security measures, like Linux capabilities were still applied to these containers. GHSA-7236-3392-c5c6
https://github.com/moby/moby/releases/tag/docker-v29.6.1
Related releases
- Docker Compose v5.2.0 releases with new reconciliation algorithm Docker Compose Releases ·
- Docker Compose v5.3.0 Adds Init Containers Docker Compose Releases ·
- Docker Compose v5.3.1: CI hardening and dependency updates Docker Compose Releases ·
- Docker 29.6.0: New API endpoint, image attestations, and networking fixes Docker Engine Releases ·
- Moby API v1.55.0 adds image attestations and container update options Docker Engine Releases ·
- Moby Client 0.5.0: New endpoint for image attestations Docker Engine Releases ·