Docker Engine Security Update Advisory (CVE-2024-41110)

Jul 26 2024

Overview

Docker Engine has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-41110

docker-ce versions: ~ 19.03.15 (inclusive)
docker-ce versions: ~ 20.10.27 (inclusive)
docker-ce versions: ~ 23.0.14 (inclusive)

docker-ce versions: ~ 24.0.9 (inclusive)
docker-ce versions: ~ 25.0.5 (inclusive)
docker-ce versions: ~ 26.0.2 (inclusive)
docker-ce versions: ~ 26.1.4 (inclusive)

docker-ce versions: ~ 27.0.3 (inclusive)
docker-ce versions: ~ 27.1.0 (inclusive)

Resolved Vulnerabilities

Security vulnerability that could allow bypassing the authorization plugin in certain versions of Docker Engine (CVE-2024-41110)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-41110

docker-ce versions: 23.0.14 or later
docker-ce versions: 26.1.4 or later
docker-ce versions: 27.1.0 or later

Referenced Sites

[1] CVE-2024-41110 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-41110

[2] Authz zero length regression

https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq

[3] Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine

https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/

Docker Engine Security Update Advisory (CVE-2024-41110)

BIND Product Security Update Advisory

Telerik Report Server Product Security Update Advisory (CVE-2024-6327)

Tags:

BIND Product Security Update Advisory

Telerik Report Server Product Security Update Advisory (CVE-2024-6327)