v25.0.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Security
This release contains security fixes for the following CVEs
affecting Docker Engine and its components.
| CVE | Component | Fix version | Severity |
|---|---|---|---|
| CVE-2024-21626 | runc | 1.1.12 | High, CVSS 8.6 |
| CVE-2024-23651 | BuildKit | 1.12.5 | High, CVSS 8.7 |
| CVE-2024-23652 | BuildKit | 1.12.5 | High, CVSS 8.7 |
| CVE-2024-23653 | BuildKit | 1.12.5 | High, CVSS 7.7 |
| CVE-2024-23650 | BuildKit | 1.12.5 | Medium, CVSS 5.5 |
| CVE-2024-24557 | Docker Engine | 25.0.2 | Medium, CVSS 6.9 |
The potential impacts of the above vulnerabilities include:
- Unauthorized access to the host filesystem
- Compromising the integrity of the build cache
- In the case of CVE-2024-21626, a scenario that could lead to full container escape
For more information about the security issues addressed in this release,
refer to the blog post.
For details about each vulnerability, see the relevant security advisory:
Packaging updates
- Upgrade containerd to v1.6.28.
- Upgrade containerd to v1.7.13 (static binaries only). moby/moby#47280
- Upgrade runc to v1.1.12. moby/moby#47269
- Upgrade Compose to v2.24.5. docker/docker-ce-packaging#985
- Upgrade BuildKit to v0.12.5. moby/moby#47273