Bump github.com/docker/docker from 25.0.1+incompatible to 25.0.2+incompatible (#876)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.1+incompatible to 25.0.2+incompatible.

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p>
<blockquote>
<h2>v25.0.2</h2>
<h2>25.0.2</h2>
<p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p>
<ul>
<li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.2">docker/cli, 25.0.2 milestone</a></li>
<li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.2">moby/moby, 25.0.2 milestone</a></li>
</ul>
<h3>Security</h3>
<p>This release contains security fixes for the following CVEs affecting Docker Engine and its components.</p>
<table>
<thead>
<tr> <th>CVE</th> <th>Component</th> <th>Fix version</th> <th>Severity</th> </tr>
</thead>
<tbody>
<tr> <td><a href="https://scout.docker.com/v/CVE-2024-21626">CVE-2024-21626</a></td> <td>runc</td> <td>1.1.12</td> <td>High, CVSS 8.6</td> </tr>
<tr> <td><a href="https://scout.docker.com/v/CVE-2024-23651">CVE-2024-23651</a></td> <td>BuildKit</td> <td>1.12.5</td> <td>High, CVSS 8.7</td> </tr>
<tr> <td><a href="https://scout.docker.com/v/CVE-2024-23652">CVE-2024-23652</a></td> <td>BuildKit</td> <td>1.12.5</td> <td>High, CVSS 8.7</td> </tr>
<tr> <td><a href="https://scout.docker.com/v/CVE-2024-23653">CVE-2024-23653</a></td> <td>BuildKit</td> <td>1.12.5</td> <td>High, CVSS 7.7</td> </tr>
<tr> <td><a href="https://scout.docker.com/v/CVE-2024-23650">CVE-2024-23650</a></td> <td>BuildKit</td> <td>1.12.5</td> <td>Medium, CVSS 5.5</td> </tr>
<tr> <td><a href="https://scout.docker.com/v/CVE-2024-24557">CVE-2024-24557</a></td> <td>Docker Engine</td> <td>25.0.2</td> <td>Medium, CVSS 6.9</td> </tr>
</tbody>
</table>
<p>The potential impacts of the above vulnerabilities include:</p>
<ul>
<li>Unauthorized access to the host filesystem</li>
<li>Compromising the integrity of the build cache</li>
<li>In the case of CVE-2024-21626, a scenario that could lead to full container escape</li>
</ul>
<p>For more information about the security issues addressed in this release, refer to the <a href="https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/">blog post</a>. For details about each vulnerability, see the relevant security advisory:</p>
<ul>
<li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv">CVE-2024-21626</a></li>
<li><a href="https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv">CVE-2024-23651</a></li>
<li><a href="https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8">CVE-2024-23652</a></li>
<li><a href="https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g">CVE-2024-23653</a></li>
<li><a href="https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx">CVE-2024-23650</a></li>
<li><a href="https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc">CVE-2024-24557</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Upgrade containerd to <a href="https://github.com/containerd/containerd/releases/tag/v1.6.28">v1.6.28</a>.</li>
<li>Upgrade containerd to v1.7.13 (static binaries only). <a href="https://redirect.github.com/moby/moby/pull/47280">moby/moby#47280</a></li>
<li>Upgrade runc to v1.1.12. <a href="https://redirect.github.com/moby/moby/pull/47269">moby/moby#47269</a></li>
<li>Upgrade Compose to v2.24.5. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/985">docker/docker-ce-packaging#985</a></li>
<li>Upgrade BuildKit to v0.12.5. <a href="https://redirect.github.com/moby/moby/pull/47273">moby/moby#47273</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff"><code>fce6e0c</code></a> Merge pull request from GHSA-xw73-rw38-6vjc</li>
<li><a href="https://github.com/moby/moby/commit/d838e683006765c9c862c0f8b569ffaf6073f61f"><code>d838e68</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47269">#47269</a> from thaJeztah/25.0_backport_bump_runc_binary_1.1.12</li>
<li><a href="https://github.com/moby/moby/commit/fa0d4159c7324a48c7d57649282fe50204f2ac9f"><code>fa0d415</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47280">#47280</a> from thaJeztah/25.0_backport_bump_containerd_binary...</li>
<li><a href="https://github.com/moby/moby/commit/06e22dce46816aa04e3f32fa7863c3f8312f799e"><code>06e22dc</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47275">#47275</a> from vvoland/vendor-bk-0.12.5-25</li>
<li><a href="https://github.com/moby/moby/commit/b73ee94289c1cbbb9f4c7c9732d17788e82e0017"><code>b73ee94</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47274">#47274</a> from thaJeztah/25.0_backport_bump_runc_1.1.12</li>
<li><a href="https://github.com/moby/moby/commit/fd6a419ad53f5abd2f556897f3ce5ee021375e1b"><code>fd6a419</code></a> update containerd binary to v1.7.13</li>
<li><a href="https://github.com/moby/moby/commit/13ce91825f383cac6829f45c6e76006700104fb2"><code>13ce918</code></a> vendor: github.com/moby/buildkit v0.12.5</li>
<li><a href="https://github.com/moby/moby/commit/4b63c47c1e8b95aae95bacdf7c16d4aeaab92ad0"><code>4b63c47</code></a> vendor: github.com/opencontainers/runc v1.1.12</li>
<li><a href="https://github.com/moby/moby/commit/4edb71bb83c35e40a3dcbb1dc1e8e74cfaf9b291"><code>4edb71b</code></a> update runc binary to
v1.1.12</li>
<li><a href="https://github.com/moby/moby/commit/667bc3f8038e89212a8a274e82eaf728e2ae2ed0"><code>667bc3f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47265">#47265</a> from vvoland/ci-fix-makeps1-templatefail-25</li>
<li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v25.0.1...v25.0.2">compare view</a></li>
</ul>
</details>