4 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-23653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as buil...
Security update for docker-compose
This update for docker-compose fixes the following issues: Update to version 2.33.1: Improvements Add support for gwpriority, enableipv4 requires docker v28.0 by @thaJeztah in 12570 Fixes Run watch standalone if menu fails to start by @ndeloof in 12536 Report error using non-file secret|config wi...
Race Condition (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Race Condition Leaky Vessels in the subpath mounting when two malicious build steps are running in parallel and sharing the same cache mounts. This can lead to files from the host system being accessible to the build container. Workarou...
Improper Link Resolution Before File Access (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Improper Link Resolution Before File Access Leaky Vessels allowing arbitrary file deletion on the host system. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for th...