Docker Engine v29.6.2: Security fixes and dependency updates
securityinfraengineer
security
Docker Engine v29.6.2 addresses multiple security vulnerabilities within the buildkit component, mitigating risks of command injection and unauthorized file operations. The release also includes updates to core dependencies like containerd and the Go runtime. These patches are crucial for maintaining the security posture of Docker environments and are relevant to all users running Docker Engine.
- →Git source checkout from a bundle file could lead to command injection. GHSA-hw3h-2gp9-cxpv
- →Incorrect parameters sent from a frontend could cause a panic. GHSA-qx3x-mv6r-52p6
- →An LLB file operation could be tricked into removing the contents of the /tmp directory. GHSA-32pv-7hq5-qhwq
- →A malicious client could bypass destination directory validation when uploading local sources. GHSA-g2h8-426c-7976
- →A WCOW cache mount source selector could resolve NTFS junctions outside of the cache root. GHSA-388v-wmr2-g2v2
Security (5) ›
- Git source checkout from a bundle file could lead to command injection. GHSA-hw3h-2gp9-cxpv
- Incorrect parameters sent from a frontend could cause a panic. GHSA-qx3x-mv6r-52p6
- An LLB file operation could be tricked into removing the contents of the /tmp directory. GHSA-32pv-7hq5-qhwq
- A malicious client could bypass destination directory validation when uploading local sources. GHSA-g2h8-426c-7976
- A WCOW cache mount source selector could resolve NTFS junctions outside of the cache root. GHSA-388v-wmr2-g2v2
Read the original announcement →
https://github.com/moby/moby/releases/tag/docker-v29.6.2
Related releases
- Docker Compose v5.2.0 releases with new reconciliation algorithm Docker Compose Releases ·
- Docker Engine 29.6.1 addresses security vulnerabilities and updates components Docker Engine Releases ·
- Docker Compose v5.3.0 Adds Init Containers Docker Compose Releases ·
- Docker Compose v5.3.1: CI hardening and dependency updates Docker Compose Releases ·
- Docker 29.6.0: New API endpoint, image attestations, and networking fixes Docker Engine Releases ·
- Moby API v1.55.0 adds image attestations and container update options Docker Engine Releases ·