SUSE-SU-2024:4319-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2024/suse-su-20244319-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4319-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:4319-1
Related
Published
2024-12-13T20:16:47Z
Modified
2025-05-02T04:35:31.509641Z
Upstream
Summary
Security update for docker
Details

This update for docker fixes the following issues:

  • Update docker-buildx to v0.19.2. See upstream changelog online at https://github.com/docker/buildx/releases/tag/v0.19.2.

    Some notable changelogs from the last update:

  • Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999

    In order to disable these mounts, just do

    echo 0 > /etc/docker/suse-secrets-enable

    and restart Docker. In order to re-enable them, just do

    echo 1 > /etc/docker/suse-secrets-enable

    and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not.

  • Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819

  • Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases.

  • Allow a parallel docker-stable RPM to exists in repositories.

  • Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at https://github.com/docker/buildx/releases/tag/v0.17.1

  • Allow users to disable SUSE secrets support by setting DOCKERSUSESECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)

  • Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331)

  • Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333)

  • Update to Docker 26.1.5-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/26.1/#2615 bsc#1230294

  • This update includes fixes for:

    • CVE-2024-41110. bsc#1228324
    • CVE-2023-47108. bsc#1217070 bsc#1229806
    • CVE-2023-45142. bsc#1228553 bsc#1229806

  • Update to Docker 26.1.4-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/26.1/#2614

  • Update to Docker 26.1.0-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/26.1/#2610

  • Update --add-runtime to point to correct binary path.

References

Affected packages

SUSE:Linux Enterprise Server 12 SP5-LTSS / docker

Package

Name
docker
Purl
pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
26.1.5_ce-98.120.1

Ecosystem specific 

{
    "binaries": [
        {
            "docker-bash-completion": "26.1.5_ce-98.120.1",
            "docker": "26.1.5_ce-98.120.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / docker

Package

Name
docker
Purl
pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
26.1.5_ce-98.120.1

Ecosystem specific 

{
    "binaries": [
        {
            "docker-bash-completion": "26.1.5_ce-98.120.1",
            "docker": "26.1.5_ce-98.120.1"
        }
    ]
}