openSUSE-SU-2021:1954-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1954-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1954-1
Published
2021-07-10T13:50:39Z
Modified
2021-07-10T13:50:39Z
Summary
Security update for containerd, docker, runc
Details

This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)

  • Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476).
  • CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
  • CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730).
  • btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)

runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821, bsc#1184962).

  • Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
  • Fixed an issue where /dev/null is not available (bsc#1168481).
  • CVE-2021-30465: Fixed a symlink-exchange attack vulnerability (bsc#1185405).

containerd was updated to v1.4.4

  • CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
  • Handle a requirement from docker (bsc#1181594).

Affected packages

openSUSE:Leap 15.3 / containerd

Package

Name
containerd
Purl
purl:rpm/suse/containerd&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.4-5.32.1

Ecosystem specific

{
    "binaries": [
        {
            "runc": "1.0.0~rc93-1.14.2",
            "docker-zsh-completion": "20.10.6_ce-6.49.3",
            "containerd": "1.4.4-5.32.1",
            "docker-bash-completion": "20.10.6_ce-6.49.3",
            "docker": "20.10.6_ce-6.49.3",
            "docker-fish-completion": "20.10.6_ce-6.49.3",
            "containerd-ctr": "1.4.4-5.32.1"
        }
    ]
}

openSUSE:Leap 15.3 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.10.6_ce-6.49.3

Ecosystem specific

{
    "binaries": [
        {
            "runc": "1.0.0~rc93-1.14.2",
            "docker-zsh-completion": "20.10.6_ce-6.49.3",
            "containerd": "1.4.4-5.32.1",
            "docker-bash-completion": "20.10.6_ce-6.49.3",
            "docker": "20.10.6_ce-6.49.3",
            "docker-fish-completion": "20.10.6_ce-6.49.3",
            "containerd-ctr": "1.4.4-5.32.1"
        }
    ]
}

openSUSE:Leap 15.3 / runc

Package

Name
runc
Purl
purl:rpm/suse/runc&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.0~rc93-1.14.2

Ecosystem specific

{
    "binaries": [
        {
            "runc": "1.0.0~rc93-1.14.2",
            "docker-zsh-completion": "20.10.6_ce-6.49.3",
            "containerd": "1.4.4-5.32.1",
            "docker-bash-completion": "20.10.6_ce-6.49.3",
            "docker": "20.10.6_ce-6.49.3",
            "docker-fish-completion": "20.10.6_ce-6.49.3",
            "containerd-ctr": "1.4.4-5.32.1"
        }
    ]
}