Docker Desktop Security Update Advisory (CVE-2024-8695, CVE-2024-8696)

Sep 19 2024

Overview

An update has been released to address vulnerabilities in Docker Desktop. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-8695, CVE-2024-8696

Docker Desktop versions: ~ 4.34.2 (excluded)

Resolved Vulnerabilities

Vulnerability that could allow malicious extensions to allow RCE via crafted extension descriptions/changes logs (CVE-2024-8695)

Vulnerability that could be exploited by a malicious extension to allow RCE via crafted extension publisher-url/additional-urls (CVE-2024-8696)

Vulnerability Patches

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-8695, CVE-2024-8696

Docker Desktop version: 4.34.2

References

[1] Docker Desktop release notes

https://docs.docker.com/desktop/release-notes/#4342

Docker Desktop Security Update Advisory (CVE-2024-8695, CVE-2024-8696)

Palo Alto Networks (PAN-OS,Cloud NGFW,Prisma Access,Prisma Access Browser,PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access,ActiveMQ Content Pack,Cortex XDR Agent) Family September 2024 Security Update Advisory

Mozilla Products September 2024 1st Security Update Advisory

Tags:

Palo Alto Networks (PAN-OS,Cloud NGFW,Prisma Access,Prisma Access Browser,PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access,ActiveMQ Content Pack,Cortex XDR Agent) Family September 2024 Security Update Advisory

Mozilla Products September 2024 1st Security Update Advisory