CVE 2021-41089
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.
Related bugs and status
CVE-2021-41089 (Candidate) is related to these bugs:
Bug #1938908: Backport the container stack in Impish
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1938908 | Backport the container stack in Impish | docker.io (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | docker.io (Ubuntu Hirsute) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | docker.io (Ubuntu Bionic) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | docker.io (Ubuntu Focal) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | containerd (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | containerd (Ubuntu Bionic) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | containerd (Ubuntu Focal) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | containerd (Ubuntu Hirsute) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | runc (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | runc (Ubuntu Bionic) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | runc (Ubuntu Focal) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | runc (Ubuntu Hirsute) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | golang-github-ishidawataru-sctp (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-ishidawataru-sctp (Ubuntu Bionic) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | golang-github-ishidawataru-sctp (Ubuntu Focal) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-ishidawataru-sctp (Ubuntu Hirsute) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-image (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-image (Ubuntu Bionic) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-image (Ubuntu Focal) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-image (Ubuntu Hirsute) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | opengcs (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | opengcs (Ubuntu Bionic) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | opengcs (Ubuntu Focal) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | opengcs (Ubuntu Hirsute) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | golang-github-containers-storage (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-storage (Ubuntu Bionic) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-storage (Ubuntu Focal) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | golang-github-containers-storage (Ubuntu Hirsute) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | golang-github-containers-common (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-common (Ubuntu Bionic) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-common (Ubuntu Focal) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-common (Ubuntu Hirsute) | Undecided | Fix Released | ||
1938908 | Backport the container stack in Impish | golang-github-containers-buildah (Ubuntu) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-buildah (Ubuntu Bionic) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-buildah (Ubuntu Focal) | Undecided | Invalid | ||
1938908 | Backport the container stack in Impish | golang-github-containers-buildah (Ubuntu Hirsute) | Undecided | Fix Released |
Bug #1943049: Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
See the
CVE page on Mitre.org
for more details.