Advisories » MGASA-2025-0189

Updated docker packages fix security vulnerability

Publication date: 24 Jun 2025
Modification date: 24 Jun 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-29018

Description

External DNS requests from 'internal' networks could lead to data
exfiltration - CVE-2024-29018
We can't determine if docker 24.0.5 is affected but as it is no longer
supported we are releasing version 25.0.7, as it is supported and free of
the CVE.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33870
• External DNS requests from 'internal' networks could lead to data
• https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx
• https://github.com/moby/moby/releases/tag/v25.0.7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29018

SRPMS

9/core

• docker-25.0.7-1.mga9