Fedora alert FEDORA-2026-3316f97296 (docker-compose)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 44 Update: docker-compose-5.1.4-1.fc44 | |
| Date: | Sat, 30 May 2026 00:55:41 +0000 | |
| Message-ID: | <20260530005541.0274480CC1@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3316f97296 2026-05-30 00:54:46.011360+00:00 -------------------------------------------------------------------------------- Name : docker-compose Product : Fedora 44 Version : 5.1.4 Release : 1.fc44 URL : https://github.com/docker/compose Summary : Define and run multi-container applications with Docker Description : Define and run multi-container applications with Docker. -------------------------------------------------------------------------------- Update Information: Update to release v5.1.4 Resolves: rhbz#2480186 Upstream fixes Update to release v5.1.3 Resolves rhbz#2458697 Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199 Resolves CVE-2026-33748: rhbz#2453089 Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 5.1.4-1 - Update to release v5.1.4 - Resolves: rhbz#2480186 - Upstream fixes * Wed Apr 15 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 5.1.3-1 - Update to release v5.1.3 - Resolves rhbz#2458697 - Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199 - Resolves CVE-2026-33748: rhbz#2453089 - Upstream fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452188 - CVE-2026-33747 docker-compose: BuildKit: Arbitrary file write and code execution via untrusted frontend [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2452188 [ 2 ] Bug #2452199 - CVE-2026-33747 docker-compose: BuildKit: Arbitrary file write and code execution via untrusted frontend [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2452199 [ 3 ] Bug #2453089 - CVE-2026-33748 docker-compose: BuildKit: Unauthorized file access via Git URL fragment subdir components [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453089 [ 4 ] Bug #2458697 - docker-compose-5.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2458697 [ 5 ] Bug #2480186 - docker-compose-5.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2480186 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3316f97296' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new