[USN-8230-1] Docker vulnerabilities

========================================================================== Ubuntu Security Notice USN-8230-1 May 06, 2026 docker.io-app vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Docker. Software Description: - docker.io-app: Linux container runtime Details: It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outside of the intended state directory. (CVE-2026-33747) It was discovered that BuildKit, contained within Docker, incorrectly validated the subdir component of Git URL fragments. An attacker could possibly use this issue to access files outside of the checked-out repository root. (CVE-2026-33748) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS docker.io 29.1.3-0ubuntu4.1 Ubuntu 24.04 LTS docker.io 29.1.3-0ubuntu3~24.04.2 Ubuntu 22.04 LTS docker.io 29.1.3-0ubuntu3~22.04.2 Ubuntu 20.04 LTS docker.io 26.1.3-0ubuntu1~20.04.1+esm2 Available with Ubuntu Pro After a standard system update you need to restart Docker to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8230-1 CVE-2026-33747, CVE-2026-33748 Package Information: https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu4.1 https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu3~24.04.2 https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu3~22.04.2