Moby and the Open Container Initiative (OCI) have released updates addressing multiple vulnerabilities in Docker-related components, specifically Moby BuildKit and OCI runc. These vulnerabilities, identified as CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, and CVE-2024-21626, could allow a cyber threat actor to gain control of affected systems. CISA urges users and administrators to review these advisories and apply the necessary updates to mitigate risks. Further details and guidance can be found in the advisories from Moby BuildKit and OCI runc, as well as a Snyk blog post.
For more information, visit CISA’s website.