Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker version very old #1571

Open
felixlabrot opened this issue Nov 20, 2024 · 2 comments
Open

Docker version very old #1571

felixlabrot opened this issue Nov 20, 2024 · 2 comments
Labels
bug

Comments

@felixlabrot
Copy link

Describe the bug

The currently latest available version of Docker via TDNF is 24.0.9 which is over 11 months old and vulnerable to CVE-2024-41110. The Docker version should be upgraded to 27.1.1 or later asap to fix the CVSS 3 Score 9.9 vulnerability.

Reproduction steps

update Docker to the latest version with tdnf update

Expected behavior

have a nun-vulnerable Docker version in Photon OS

Additional context

GHSA-v23v-6jw2-98fq
@dcasota
Copy link
Contributor

dcasota commented Nov 21, 2024
edited
Loading

Afaik removed docker features and resulting regression issues are the reason for the pinning to 24.x.

moby/moby@852759a seems not included in 24.0.9, indeed. 24.0.9 is latest and hasn‘t been recently updated like 25/2627.

@YustasSwamp
Copy link

We are planning to move to the latest docker version in ph5.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@YustasSwamp @dcasota @felixlabrot