diff --git a/VERSION-vendor b/VERSION-vendor
index 395642b67e2b1ad21d830b4b9d4de6e94c392505..0c7afbabf5f8d9458250a672d9f3d2721fade79f 100644
--- a/VERSION-vendor
+++ b/VERSION-vendor
@@ -1 +1 @@
-18.09.0.338
+18.09.0.339
diff --git a/docker.spec b/docker.spec
index ae3bebe782e337b2e37c300902221ba1af601988..6a520e2d80d1b03c13ce290fb56582d1df074cf6 100644
--- a/docker.spec
+++ b/docker.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 338
+Release: 339
 Epoch: 2
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -227,6 +227,12 @@ fi
 %endif
 %changelog
+* Fri Jul 26 2024 zhongjiawei - 18.09.0-339
+- Type:CVE
+- CVE:CVE-2024-41110
+- SUG:NA
+- DESC:fix CVE-2024-41110
+
+* Mon Jul 15 2024 chenjiankun - 18.09.0-338
+- Type:bugfix
+- CVE:NA
diff --git a/git-commit b/git-commit
index 7297e2e45c3538e21045d96132f45841bda877ed..e388660c31f56790138a77f4b0a6ff7fbd2a2aa9 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-a08d4cca7068a32e0d0af533c6e01aacc3f525ff
+bb54f3063f3fc856630a6f3d5a52bf065d5eb045
diff --git a/patch/0277-backport-fix-CVE-2024-41110.patch b/patch/0277-backport-fix-CVE-2024-41110.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a07ebebb63b75add22808e0f5c7c81f76614ee48
--- /dev/null
+++ b/patch/0277-backport-fix-CVE-2024-41110.patch
@@ -0,0 +1,169 @@
+From fc274cd2ff4cf3b48c91697fb327dd1fb95588fb Mon Sep 17 00:00:00 2001
+From: Jameson Hyde
+Date: Mon, 26 Nov 2018 14:15:22 -0500
+Subject: [PATCH] Authz plugin security fixes for 0-length content and path
+ validation
Signed-off-by: Jameson Hyde
+
+fix comments
+
+(cherry picked from commit 9659c3a52bac57e615b5fb49b0652baca448643e)
+Signed-off-by: Sebastiaan van Stijn
+Signed-off-by: Eli Uriegas
+---
+ components/engine/pkg/authorization/authz.go | 38 ++++++++++++--
+ .../pkg/authorization/authz_unix_test.go | 49 +++++++++++++++++--
+ 2 files changed, 80 insertions(+), 7 deletions(-)
+
+diff --git a/components/engine/pkg/authorization/authz.go b/components/engine/pkg/authorization/authz.go
+index a1edbcd8..f63b8851 100644
+--- a/components/engine/pkg/authorization/authz.go
++++ b/components/engine/pkg/authorization/authz.go
+@@ -7,6 +7,8 @@ import (
+ "io"
+ "mime"
+ "net/http"
++ "net/url"
++ "regexp"
+ "strings"
+
+ "github.com/docker/docker/pkg/ioutils"
+@@ -52,10 +54,23 @@ type Ctx struct {
+ authReq *Request
+ }
+
++func isChunked(r *http.Request) bool {
++ //RFC 7230 specifies that content length is to be ignored if Transfer-Encoding is chunked
++ if strings.ToLower(r.Header.Get("Transfer-Encoding")) == "chunked" {
++ return true
++ }
++ for _, v := range r.TransferEncoding {
++ if 0 == strings.Compare(strings.ToLower(v), "chunked") {
++ return true
++ }
++ }
++ return false
++}
++
+ // AuthZRequest authorized the request to the docker daemon using authZ plugins
+ func (ctx *Ctx) AuthZRequest(w http.ResponseWriter, r *http.Request) error {
+ var body []byte
+- if sendBody(ctx.requestURI, r.Header) && r.ContentLength > 0 && r.ContentLength < maxBodySize {
++ if sendBody(ctx.requestURI, r.Header) && (r.ContentLength > 0 || isChunked(r)) && r.ContentLength < maxBodySize {
+ var err error
+ body, r.Body, err = drainBody(r.Body)
+ if err != nil {
+@@ -108,7 +123,6 @@ func (ctx *Ctx) AuthZResponse(rm ResponseModifier, r *http.Request) error {
+ if sendBody(ctx.requestURI, rm.Header()) {
+ ctx.authReq.ResponseBody = rm.RawBody()
+ }
+-
+ for _, plugin := range ctx.plugins {
+ logrus.Debugf("AuthZ response using plugin %s", plugin.Name())
+
+@@ -146,10 +160,26 @@ func
drainBody(body io.ReadCloser) ([]byte, io.ReadCloser, error) {
+ return nil, newBody, err
+ }
+
++func isAuthEndpoint(urlPath string) (bool, error) {
++ // eg www.test.com/v1.24/auth/optional?optional1=something&optional2=something (version optional)
++ matched, err := regexp.MatchString(`^[^\/]+\/(v\d[\d\.]*\/)?auth.*`, urlPath)
++ if err != nil {
++ return false, err
++ }
++ return matched, nil
++}
++
+ // sendBody returns true when request/response body should be sent to AuthZPlugin
+-func sendBody(url string, header http.Header) bool {
++func sendBody(inURL string, header http.Header) bool {
++ u, err := url.Parse(inURL)
++ // Assume no if the URL cannot be parsed - an empty request will still be forwarded to the plugin and should be rejected
++ if err != nil {
++ return false
++ }
++
+ // Skip body for auth endpoint
+- if strings.HasSuffix(url, "/auth") {
++ isAuth, err := isAuthEndpoint(u.Path)
++ if isAuth || err != nil {
+ return false
+ }
+
+diff --git a/components/engine/pkg/authorization/authz_unix_test.go b/components/engine/pkg/authorization/authz_unix_test.go
+index cfdb9a00..0fc51d32 100644
+--- a/components/engine/pkg/authorization/authz_unix_test.go
++++ b/components/engine/pkg/authorization/authz_unix_test.go
+@@ -174,8 +174,8 @@ func TestDrainBody(t *testing.T) {
+
+ func TestSendBody(t *testing.T) {
+ var (
+- url = "nothing.com"
+ testcases = []struct {
++ url string
+ contentType string
+ expected bool
+ }{
+@@ -219,15 +219,58 @@ func TestSendBody(t *testing.T) {
+ contentType: "",
+ expected: false,
+ },
++ {
++ url: "nothing.com/auth",
++ contentType: "",
++ expected: false,
++ },
++ {
++ url: "nothing.com/auth",
++ contentType: "application/json;charset=UTF8",
++ expected: false,
++ },
++ {
++ url: "nothing.com/auth?p1=test",
++ contentType: "application/json;charset=UTF8",
++ expected: false,
++ },
++ {
++ url: "nothing.com/test?p1=/auth",
++ contentType: "application/json;charset=UTF8",
++ expected: true,
++ },
++ {
++ url:
"nothing.com/something/auth", ++ contentType: "application/json;charset=UTF8", ++ expected: true, ++ }, ++ { ++ url: "nothing.com/auth/test", ++ contentType: "application/json;charset=UTF8", ++ expected: false, ++ }, ++ { ++ url: "nothing.com/v1.24/auth/test", ++ contentType: "application/json;charset=UTF8", ++ expected: false, ++ }, ++ { ++ url: "nothing.com/v1/auth/test", ++ contentType: "application/json;charset=UTF8", ++ expected: false, ++ }, + } + ) + + for _, testcase := range testcases { + header := http.Header{} + header.Set("Content-Type", testcase.contentType) ++ if testcase.url == "" { ++ testcase.url = "nothing.com" ++ } + +- if b := sendBody(url, header); b != testcase.expected { +- t.Fatalf("Unexpected Content-Type; Expected: %t, Actual: %t", testcase.expected, b) ++ if b := sendBody(testcase.url, header); b != testcase.expected { ++ t.Fatalf("sendBody failed: url: %s, content-type: %s; Expected: %t, Actual: %t", testcase.url, testcase.contentType, testcase.expected, b) + } + } + } +-- +2.33.0 + diff --git a/series.conf b/series.conf index 40447f1aa1d02b9fab7de742cd75c83db664c019..1ae40a6237e016b3d840af9de83a143299f9defc 100644 --- a/series.conf +++ b/series.conf @@ -274,4 +274,5 @@ patch/0273-backport-fix-CVE-2024-24557.patch patch/0274-docker-fix-CVE-2024-29018.patch patch/0275-backport-fix-CVE-2024-32473.patch patch/0276-docker-Ignore-SIGURG-on-Linux.patch +patch/0277-backport-fix-CVE-2024-41110.patch #end