Amazon Linux 2 Security Advisory: ALASNITRO-ENCLAVES-2023-022
Advisory Release Date: 2023-03-30 22:07 Pacific
Advisory Updated Date: 2023-04-05 20:52 Pacific
A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. (CVE-2022-36109)
Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. (CVE-2022-37708)
Affected Packages:
docker
Note:
This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update docker to update your system.
aarch64:
docker-20.10.22-1.amzn2.0.1.aarch64
docker-debuginfo-20.10.22-1.amzn2.0.1.aarch64
src:
docker-20.10.22-1.amzn2.0.1.src
x86_64:
docker-20.10.22-1.amzn2.0.1.x86_64
docker-debuginfo-20.10.22-1.amzn2.0.1.x86_64