SUSE-SU-2025:03540-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202503540-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03540-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:03540-1
Upstream
  • CVE-2014-3499
Published
2025-10-10T19:04:02Z
Modified
2025-10-11T14:02:33.019191Z
Summary
Security update for docker-stable
Details

This update for docker-stable fixes the following issues:

  • Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it seems that this package does not include fixes for ~12 years of updates. So, include a copy of the original package's changelog up until the fork point. (bsc#1250596)

  • Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up installing git with Docker. bsc#1250508

    This feature is mostly intended for developers ('docker build git://') so most users already have the dependency installed, and the error when git is missing is fairly straightforward (so they can easily figure out what they need to install).

  • Backport https://github.com/moby/moby/pull/48517. bsc#1247362

  • Update to docker-buildx v0.25.0. Upstream changelog: https://github.com/docker/buildx/releases/tag/v0.25.0

  • Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as Docker does not have permission to access the host zypper credentials in this mode (and unprivileged users cannot disable the feature using /etc/docker/suse-secrets-enable). bsc#1240150

  • Initial docker-stable fork, forked from Docker 24.0.7-ce release (packaged on 2024-02-14). The original changelog is included below for historical reference.

Affected packages

SUSE:Linux Enterprise Server 12 SP5-LTSS / docker-stable

Package

Name
docker-stable
Purl
pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
24.0.9_ce-1.20.1

Ecosystem specific

{
    "binaries": [
        {
            "docker-stable-bash-completion": "24.0.9_ce-1.20.1",
            "docker-stable": "24.0.9_ce-1.20.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / docker-stable

Package

Name
docker-stable
Purl
pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
24.0.9_ce-1.20.1

Ecosystem specific

{
    "binaries": [
        {
            "docker-stable-bash-completion": "24.0.9_ce-1.20.1",
            "docker-stable": "24.0.9_ce-1.20.1"
        }
    ]
}