StackPatch is liveSee product

Back to CVE digest
Ubuntu USN · USN-8230-1

Docker vulnerabilities

Published: Wed, 06 May 2026 03:28

CVE-2026-33748CVE-2026-33747

Summary

Several security issues were fixed in Docker.

Details

It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outside of the intended state directory. (CVE-2026-33747) It was discovered that BuildKit, contained within Docker, incorrectly validated the subdir component of Git URL fragments. An attacker could possibly use this issue to access files outside of the checked-out repository root. (CVE-2026-33748)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu focal

  • docker.io-app26.1.3-0ubuntu1~20.04.1+esm2apt_upgrade

    Standard apt upgrade. Install 26.1.3-0ubuntu1~20.04.1+esm2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker.io-app

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • docker-doc26.1.3-0ubuntu1~20.04.1+esm2apt_upgrade

    Standard apt upgrade. Install 26.1.3-0ubuntu1~20.04.1+esm2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • docker.io26.1.3-0ubuntu1~20.04.1+esm2apt_upgrade

    Standard apt upgrade. Install 26.1.3-0ubuntu1~20.04.1+esm2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker.io

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu jammy

  • docker.io-app29.1.3-0ubuntu3~22.04.2apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu3~22.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker.io-app

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • docker-doc29.1.3-0ubuntu3~22.04.2apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu3~22.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • docker.io29.1.3-0ubuntu3~22.04.2apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu3~22.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker.io

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

  • docker.io-app29.1.3-0ubuntu3~24.04.2apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu3~24.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker.io-app

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • docker-doc29.1.3-0ubuntu3~24.04.2apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu3~24.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • docker.io29.1.3-0ubuntu3~24.04.2apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu3~24.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker.io

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

  • docker.io-app29.1.3-0ubuntu4.1apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu4.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker.io-app

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • docker-doc29.1.3-0ubuntu4.1apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu4.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • docker.io29.1.3-0ubuntu4.1apt_upgrade

    Standard apt upgrade. Install 29.1.3-0ubuntu4.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y docker.io

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8230-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8230-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first
Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →