BuildKit Security Update Advisory (CVE-2024-23652, CVE-2024-23653)

Overview

An update has been released to fix two vulnerabilities in BuildKit, the build engine used by `docker build` and `buildctl`. Users of affected versions are advised to update to BuildKit 0.12.5 or later.
Affected Products

BuildKit 0.12.4 and all earlier versions

Note that BuildKit runs not only as a standalone buildkitd daemon but is also embedded in Docker Engine and driven by docker buildx, so the BuildKit version bundled with the Docker installation must be checked as well, not only a separately installed buildctl/buildkitd.
Resolved Vulnerabilities

Removal of files outside the build container by the mount stub cleaner, which a malicious frontend or Dockerfile can trigger through RUN --mount so that a file on the host system is deleted (CVE-2024-23652)
Missing entitlement validation in BuildKit's interactive containers API, allowing a container to be run with elevated privileges even though the security.insecure entitlement was neither enabled in the buildkitd configuration nor allowed by the user who submitted the build (CVE-2024-23653)

Both issues require that an untrusted build (Dockerfile, frontend, or build request) reaches the BuildKit instance; builds of untrusted sources on an unpatched daemon should be treated as a potential host compromise.
Vulnerability Patches

Vulnerability patches were made available in the February 2 update. Follow the instructions on the referenced sites to update to a patched version.

BuildKit version 0.12.5 or later
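As an added practitioner check (an example script written for this page, not part of the advisory or of the BuildKit project), the script below parses the version string printed by `buildctl --version` or `buildkitd --version` and reports whether it falls in the affected range. It assumes the usual output format `buildctl github.com/moby/buildkit vX.Y.Z <commit>`; the sample strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example for this page (not code from the advisory or from BuildKit):
# classify a BuildKit version string as affected by CVE-2024-23652 /
# CVE-2024-23653 (<= 0.12.4) or fixed (>= 0.12.5).

FIXED_VERSION="0.12.5"   # first fixed release named in the advisory

# Pull "X.Y.Z" out of text such as (constructed sample)
#   buildctl github.com/moby/buildkit v0.12.4 <commit>
# Prints nothing if no three-component version is present.
extract_version() {
    printf '%s\n' "$1" \
      | sed -n 's/^.*v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Succeed (exit 0) when version $1 is strictly lower than $2, comparing the
# three numeric components; a plain string compare would rank 0.9.9 above 0.12.5.
version_lt() {
    a1=${1%%.*}; rest=${1#*.}; a2=${rest%%.*}; a3=${rest#*.}
    b1=${2%%.*}; rest=${2#*.}; b2=${rest%%.*}; b3=${rest#*.}
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ]
}

# Print a verdict for one version string. Exit status: 0 fixed, 1 vulnerable,
# 2 unparseable, so the script can gate a CI job.
check_buildkit() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
        return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable ($v < $FIXED_VERSION)"
        return 1
    fi
    echo "fixed ($v >= $FIXED_VERSION)"
    return 0
}

# Usage: sh check_buildkit.sh "$(buildctl --version)"
#    or: sh check_buildkit.sh "$(buildkitd --version)"
if [ $# -gt 0 ]; then
    check_buildkit "$1"
fi
```

The numeric component-wise comparison matters: BuildKit's 0.12.x line has a two-digit minor version, so a lexical comparison would wrongly report 0.9.x as newer than 0.12.5.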

 

Referenced Sites

[1] Possible host system access from mount stub cleaner
https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8
[2] Interactive containers API does not validate entitlements check
https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g