USN-4856-1: docker-credential-helpers vulnerability
15 March 2021
docker-credential-helpers could be made to crash if it received specially crafted input.
Releases
Packages
Details
Jasiel Spelman discovered that docker-credential-helpers has a double free. A
local attacker could use this to cause a denial of service (crash) or possibly
execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
golang-docker-credential-helpers
-
0.5.0-2ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-4103-1: golang-docker-credential-helpers, golang-github-docker-docker-credential-helpers
- USN-4103-2: golang-github-docker-docker-dev, golang-docker-dev, docker-doc, docker.io, vim-syntax-docker