[SECURITY-L] Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components

CSIRT Unicamp security at unicamp.br
Fri Feb 2 09:12:17 -03 2024


Alert
Moby and Open Container Initiative Release Critical Updates for Multiple
Vulnerabilities Affecting Docker-related Components
Release Date: February 01, 2024
Related topics: Cyber Threats and Advisories

Moby and the Open Container Initiative (OCI) have released updates for
multiple vulnerabilities (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653,
CVE-2024-21626) affecting Docker-related components, including Moby
BuildKit and OCI runc. A cyber threat actor could exploit these
vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the advisories from Moby
BuildKit (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653) and OCI runc
(CVE-2024-21626), as well as the Snyk blog post

CVE-2024-23651 <https://nvd.nist.gov/vuln/detail/CVE-2024-23651> Score 8.7 High
CVE-2024-23652 <https://nvd.nist.gov/vuln/detail/CVE-2024-23652> Score 10 Critical
CVE-2024-23653 <https://nvd.nist.gov/vuln/detail/CVE-2024-23653> Score 9.8 Critical
CVE-2024-21626 <https://nvd.nist.gov/vuln/detail/CVE-2024-21626> Score 8.6 High




===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830