SUSE-SU-2023:4936-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20234936-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:4936-1
- Related
- Published
- 2023-12-20T16:18:41Z
- Modified
- 2023-12-20T16:18:41Z
- Summary
- Security update for docker, rootlesskit
- Details
-
This update for docker, rootlesskit fixes the following issues:
docker:
Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
- Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Deny containers access to /sys/devices/virtual/powercap by default.
Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141
Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20234936-1/
- https://bugzilla.suse.com/1170415
- https://bugzilla.suse.com/1170446
- https://bugzilla.suse.com/1178760
- https://bugzilla.suse.com/1210141
- https://bugzilla.suse.com/1213229
- https://bugzilla.suse.com/1213500
- https://bugzilla.suse.com/1215323
- https://bugzilla.suse.com/1217513
- https://www.suse.com/security/cve/CVE-2020-12912
- https://www.suse.com/security/cve/CVE-2020-8694
- https://www.suse.com/security/cve/CVE-2020-8695
Affected packages
SUSE:Linux Enterprise Micro 5.3 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
SUSE:Linux Enterprise Micro 5.4 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
SUSE:Linux Enterprise Micro 5.5 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
SUSE:Linux Enterprise Module for Containers 15 SP4 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4
SUSE:Linux Enterprise Module for Containers 15 SP4 / rootlesskit
Package
- Name
- rootlesskit
- Purl
- purl:rpm/suse/rootlesskit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4
SUSE:Linux Enterprise Module for Containers 15 SP5 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP5
SUSE:Linux Enterprise Module for Containers 15 SP5 / rootlesskit
Package
- Name
- rootlesskit
- Purl
- purl:rpm/suse/rootlesskit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP5
SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
SUSE:Linux Enterprise Server 15 SP1-LTSS / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
SUSE:Linux Enterprise Server 15 SP2-LTSS / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
SUSE:Linux Enterprise Server 15 SP3-LTSS / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
SUSE:Linux Enterprise Micro 5.1 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
SUSE:Linux Enterprise Micro 5.2 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
SUSE:Enterprise Storage 7.1 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Enterprise%20Storage%207.1
openSUSE:Leap Micro 5.3 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=openSUSE%20Leap%20Micro%205.3
openSUSE:Leap Micro 5.4 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=openSUSE%20Leap%20Micro%205.4
openSUSE:Leap 15.4 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=openSUSE%20Leap%2015.4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed24.0.7_ce-150000.190.4
Ecosystem specific
{
"binaries": [
{
"docker-zsh-completion": "24.0.7_ce-150000.190.4",
"docker-bash-completion": "24.0.7_ce-150000.190.4",
"docker-rootless-extras": "24.0.7_ce-150000.190.4",
"docker": "24.0.7_ce-150000.190.4",
"docker-fish-completion": "24.0.7_ce-150000.190.4",
"rootlesskit": "1.1.1-150000.1.3.3"
}
]
}
openSUSE:Leap 15.4 / rootlesskit
Package
- Name
- rootlesskit
- Purl
- purl:rpm/suse/rootlesskit&distro=openSUSE%20Leap%2015.4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.1-150000.1.3.3
Ecosystem specific
{
"binaries": [
{
"docker-zsh-completion": "24.0.7_ce-150000.190.4",
"docker-bash-completion": "24.0.7_ce-150000.190.4",
"docker-rootless-extras": "24.0.7_ce-150000.190.4",
"docker": "24.0.7_ce-150000.190.4",
"docker-fish-completion": "24.0.7_ce-150000.190.4",
"rootlesskit": "1.1.1-150000.1.3.3"
}
]
}
openSUSE:Leap 15.5 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=openSUSE%20Leap%2015.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed24.0.7_ce-150000.190.4
Ecosystem specific
{
"binaries": [
{
"docker-zsh-completion": "24.0.7_ce-150000.190.4",
"docker-bash-completion": "24.0.7_ce-150000.190.4",
"docker-rootless-extras": "24.0.7_ce-150000.190.4",
"docker": "24.0.7_ce-150000.190.4",
"docker-fish-completion": "24.0.7_ce-150000.190.4",
"rootlesskit": "1.1.1-150000.1.3.3"
}
]
}
openSUSE:Leap 15.5 / rootlesskit
Package
- Name
- rootlesskit
- Purl
- purl:rpm/suse/rootlesskit&distro=openSUSE%20Leap%2015.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.1-150000.1.3.3
Ecosystem specific
{
"binaries": [
{
"docker-zsh-completion": "24.0.7_ce-150000.190.4",
"docker-bash-completion": "24.0.7_ce-150000.190.4",
"docker-rootless-extras": "24.0.7_ce-150000.190.4",
"docker": "24.0.7_ce-150000.190.4",
"docker-fish-completion": "24.0.7_ce-150000.190.4",
"rootlesskit": "1.1.1-150000.1.3.3"
}
]
}