Bug#1110476: marked as done (Docker Hub Debian image contains CVE-2024-3094 backdoor)



Your message dated Wed, 6 Aug 2025 10:23:48 -0400
with message-id <aJNldPe39Ty12Oo5@doom.morgul.net>
and subject line Re: Bug#1110476: Docker Hub Debian image contains CVE-2024-3094 backdoor
has caused the Debian Bug report #1110476,
regarding Docker Hub Debian image contains CVE-2024-3094 backdoor
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1110476: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110476
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: cloud.debian.org
Version: N/A
X-Debbugs-CC: fabio@binarly.io, alex@binarly.io

Hi,

This month, we identified that ten Debian official base images
published on Docker Hub still contained one of the xz-utils backdoors
(CVE-2024-3094).
Could you please remove these images from Docker Hub?

Affected Image Tags & Manifest Digests:
- rc-buggy-20240311
(a702c7f4bb57a17762e258871f45f8273ae49bec5515452d5133e66450c95ba5)
- experimental-20240311
(81992d9d8eb99b5cde98ba557a38a171e047b222a767dc7ec0ffe0a194b1c469)
- unstable-20240311-slim
(7a3332fbf100a0ef9762ead20a4224665768b237c5bfedfe0f86bf88e0c13b7a)
- unstable-20240311
(8690225da3ca369e9be720446f73e0aa06f290776fdf2605b6ec80c2b229b9f6)
- trixie-20240311-slim
(d4e306f14b8b7389b36be8fb0eadab638cb7744546a33a74f0fc27bb9037dc14)
- trixie-20240311
(85068c773f7fcc9c9acd8f244759cb2131e7a1775c5bf8d6710f76e7467fa3f1)
- testing-20240311-slim
(c2e15dd5788b20f360ab3f2d8b60111b6e8b011c5c4960e0129551c743f5cd30)
- testing-20240311
(0746d89c588160d0470beaae7a55e38305ede06cb5717d132bd6a795610234d8)
- sid-20240311-slim
(94596b0770714bac6e8adef7e1d3dbc16245ad2978f94006587e44850343cb88)
- sid-20240311 (0aff2113f50451631f0f8c22d85c97aad855d73545b6018fcbe9f0a78ae26583)

All images contain the same backdoor sample:
https://www.virustotal.com/gui/file/319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae

Thanks,
Takahiro

--- End Message ---
--- Begin Message ---
On Wed, Aug 06, 2025 at 11:10:00PM +0900, Takahiro Haruyama wrote:
> This month, we identified that ten Debian official base images
> published on Docker Hub still contained one of the xz-utils backdoors
> (CVE-2024-3094).
> Could you please remove these images from Docker Hub?
> 
> Affected Image Tags & Manifest Digests:
> - rc-buggy-20240311
> (a702c7f4bb57a17762e258871f45f8273ae49bec5515452d5133e66450c95ba5)
> - experimental-20240311
> (81992d9d8eb99b5cde98ba557a38a171e047b222a767dc7ec0ffe0a194b1c469)
> - unstable-20240311-slim
> (7a3332fbf100a0ef9762ead20a4224665768b237c5bfedfe0f86bf88e0c13b7a)
> - unstable-20240311
> (8690225da3ca369e9be720446f73e0aa06f290776fdf2605b6ec80c2b229b9f6)
> - trixie-20240311-slim
> (d4e306f14b8b7389b36be8fb0eadab638cb7744546a33a74f0fc27bb9037dc14)
> - trixie-20240311
> (85068c773f7fcc9c9acd8f244759cb2131e7a1775c5bf8d6710f76e7467fa3f1)
> - testing-20240311-slim
> (c2e15dd5788b20f360ab3f2d8b60111b6e8b011c5c4960e0129551c743f5cd30)
> - testing-20240311
> (0746d89c588160d0470beaae7a55e38305ede06cb5717d132bd6a795610234d8)
> - sid-20240311-slim
> (94596b0770714bac6e8adef7e1d3dbc16245ad2978f94006587e44850343cb88)
> - sid-20240311 (0aff2113f50451631f0f8c22d85c97aad855d73545b6018fcbe9f0a78ae26583)
> 
> All images contain the same backdoor sample:
> https://www.virustotal.com/gui/file/319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae

The cloud team doesn't maintain these images and can't help with this.
You need to report this to the container image maintainers at
https://github.com/debuerreotype/docker-debian-artifacts/issues

noah

--- End Message ---
