Remote Docker 24 Patch for Docker Leaky Vessels

Hi all,

I wanted to share an update related to the recent runc and BuildKit CVEs [more here: Runc and Buildkit CVE update: CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653].

We have taken additional steps to patch the docker24 image. For customers running remote docker, no additional action is needed. Remote docker jobs run on an isolated machine dedicated to that job. Customers have root access to this machine by design.

This fix addresses the concern for customers who are running untrusted images in a remote docker environment.

We have released a patch for the docker24 image to address the CVEs related to Docker Leaky Vessels. Customers will get this update automatically if they are using remote docker with the following tags:

  • docker-docker24
  • docker-current
  • docker-default

Due to our internal systems sharing the 22.04 image with remote docker, we will be releasing a patch version for our ubuntu-2204 image. Our default Linux image will also be updated to this new image, and can be pinned to this new patch with the tag below:

  • ubuntu-2204:2024.01.1

Please visit our portal if you have any questions or concerns.

Thanks,
Brent